diff options
author | Jeff Sharkey <jsharkey@android.com> | 2015-07-06 09:45:55 -0700 |
---|---|---|
committer | Jeff Sharkey <jsharkey@android.com> | 2015-07-06 10:54:28 -0700 |
commit | 32e80d7588720bdc9f8a3e961ac4566d7c80b2b9 (patch) | |
tree | f973bf150361de86acd613b0b597a7043e6ee3bc | |
parent | 1f6c9a12149040f7980a45cc6a6518bbb1d6cc7c (diff) | |
download | frameworks_base-32e80d7588720bdc9f8a3e961ac4566d7c80b2b9.zip frameworks_base-32e80d7588720bdc9f8a3e961ac4566d7c80b2b9.tar.gz frameworks_base-32e80d7588720bdc9f8a3e961ac4566d7c80b2b9.tar.bz2 |
Permission to view shared storage for all users.
Typical apps are restricted so they can only view shared storage
belonging to the user they're running as. However, a handful of
system components need access to shared storage across all users,
such as DefaultContainerService and SystemUI.
Since WRITE_MEDIA_STORAGE already offers this functionality by
bypassing any FUSE emulation, reuse it to grant the "sdcard_rw" GID
which is no longer handed out to third-party apps. Then we change
the FUSE daemon to allow the "sdcard_rw" GID to see shared storage
of all users.
Bug: 19995822
Change-Id: I504c2a179ba74f142ed0d32da5baa69f4212cd82
-rw-r--r-- | core/res/AndroidManifest.xml | 4 | ||||
-rw-r--r-- | data/etc/platform.xml | 1 | ||||
-rw-r--r-- | packages/DefaultContainerService/AndroidManifest.xml | 4 | ||||
-rw-r--r-- | packages/SystemUI/AndroidManifest.xml | 3 | ||||
-rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 5 |
5 files changed, 9 insertions, 8 deletions
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 4c1626a..8c868c9 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -1517,10 +1517,6 @@ <permission android:name="android.permission.SET_SCREEN_COMPATIBILITY" android:protectionLevel="signature" /> - <!-- Allows an application to access all multi-user external storage @hide --> - <permission android:name="android.permission.ACCESS_ALL_EXTERNAL_STORAGE" - android:protectionLevel="signature" /> - <!-- @SystemApi Allows an application to modify the current configuration, such as locale. --> <permission android:name="android.permission.CHANGE_CONFIGURATION" diff --git a/data/etc/platform.xml b/data/etc/platform.xml index 377e6a16..579d2df 100644 --- a/data/etc/platform.xml +++ b/data/etc/platform.xml @@ -60,6 +60,7 @@ <permission name="android.permission.WRITE_MEDIA_STORAGE" > <group gid="media_rw" /> + <group gid="sdcard_rw" /> </permission> <permission name="android.permission.ACCESS_MTP" > diff --git a/packages/DefaultContainerService/AndroidManifest.xml b/packages/DefaultContainerService/AndroidManifest.xml index 14777a9..6a72d83 100644 --- a/packages/DefaultContainerService/AndroidManifest.xml +++ b/packages/DefaultContainerService/AndroidManifest.xml @@ -5,10 +5,10 @@ <uses-permission android:name="android.permission.ASEC_DESTROY"/> <uses-permission android:name="android.permission.ASEC_MOUNT_UNMOUNT"/> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> - <!-- Used to improve MeasureUtils performance on emulated storage --> + <!-- Used to improve MeasureUtils performance on emulated storage, and to + view storage for all users --> <uses-permission android:name="android.permission.WRITE_MEDIA_STORAGE" /> <uses-permission android:name="android.permission.ACCESS_CACHE_FILESYSTEM" /> - <uses-permission android:name="android.permission.ACCESS_ALL_EXTERNAL_STORAGE" /> <application android:label="@string/service_name" android:allowBackup="false"> diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml index 7c56d63..ea032b3 100644 --- a/packages/SystemUI/AndroidManifest.xml +++ b/packages/SystemUI/AndroidManifest.xml @@ -25,7 +25,8 @@ <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" /> <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" /> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> - <uses-permission android:name="android.permission.ACCESS_ALL_EXTERNAL_STORAGE" /> + <!-- Used to read storage for all users --> + <uses-permission android:name="android.permission.WRITE_MEDIA_STORAGE" /> <uses-permission android:name="android.permission.WAKE_LOCK" /> <uses-permission android:name="android.permission.INJECT_EVENTS" /> diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 9a11397..9d35254 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -19,6 +19,7 @@ package com.android.server.pm; import static android.Manifest.permission.GRANT_REVOKE_PERMISSIONS; import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; +import static android.Manifest.permission.WRITE_MEDIA_STORAGE; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED; @@ -2679,7 +2680,9 @@ public class PackageManagerService extends IPackageManager.Stub { if (Process.isIsolated(uid)) { return Zygote.MOUNT_EXTERNAL_NONE; } else { - if (checkUidPermission(WRITE_EXTERNAL_STORAGE, uid) == PERMISSION_GRANTED) { + if (checkUidPermission(WRITE_MEDIA_STORAGE, uid) == PERMISSION_GRANTED) { + return Zygote.MOUNT_EXTERNAL_DEFAULT; + } else if (checkUidPermission(WRITE_EXTERNAL_STORAGE, uid) == PERMISSION_GRANTED) { return Zygote.MOUNT_EXTERNAL_WRITE; } else if (checkUidPermission(READ_EXTERNAL_STORAGE, uid) == PERMISSION_GRANTED) { return Zygote.MOUNT_EXTERNAL_READ; |