summaryrefslogtreecommitdiffstats
path: root/services
diff options
context:
space:
mode:
authorJeff Sharkey <jsharkey@android.com>2016-10-31 14:33:49 -0600
committerAbhisek Devkota <ciwrl@lineageos.org>2017-02-03 23:17:31 +0000
commit012f0762275df7125358e8db352834af60495b43 (patch)
tree9488c57511b12aff42543e1b3401924043e39227 /services
parentb144167b77155517639372713070556fbc510d81 (diff)
downloadframeworks_base-012f0762275df7125358e8db352834af60495b43.zip
frameworks_base-012f0762275df7125358e8db352834af60495b43.tar.gz
frameworks_base-012f0762275df7125358e8db352834af60495b43.tar.bz2
Public volumes belong to a single user.
When a public (vfat) device is inserted, it's strongly associated with the current foreground user, and no other users should be able to access it, since otherwise that would be a cross-user data leak. To use the device under a different user, switch users and then eject/remount the device. Test: verified user isolation of USB drive Bug: 32523490 Change-Id: I590c791996f1fea8d78f625dc942d149f1f41614 (cherry picked from commit 8b38d083c42e2706e1ff5a1410fa61d1f5dea3f5) (cherry picked from commit 47e62b7fe6807a274ba760a8fecfd624fe792da9)
Diffstat (limited to 'services')
-rw-r--r--services/core/java/com/android/server/MountService.java9
1 files changed, 8 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index d539201..60d7428 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -169,6 +169,11 @@ class MountService extends IMountService.Stub
}
@Override
+ public void onSwitchUser(int userHandle) {
+ mMountService.mCurrentUserId = userHandle;
+ }
+
+ @Override
public void onStartUser(int userHandle) {
mMountService.onStartUser(userHandle);
}
@@ -307,6 +312,8 @@ class MountService extends IMountService.Stub
@GuardedBy("mLock")
private String mMoveTargetUuid;
+ private volatile int mCurrentUserId = UserHandle.USER_OWNER;
+
private VolumeInfo findVolumeByIdOrThrow(String id) {
synchronized (mLock) {
final VolumeInfo vol = mVolumes.get(id);
@@ -1193,7 +1200,7 @@ class MountService extends IMountService.Stub
vol.mountFlags |= VolumeInfo.MOUNT_FLAG_VISIBLE;
}
- vol.mountUserId = UserHandle.USER_OWNER;
+ vol.mountUserId = mCurrentUserId;
mHandler.obtainMessage(H_VOLUME_MOUNT, vol).sendToTarget();
} else if (vol.type == VolumeInfo.TYPE_PRIVATE) {