Merge "Check READ_EXTERNAL enforcement outside of lock." into jb-mr1-dev

author: Jeff Sharkey <jsharkey@android.com> 2012-09-23 13:23:27 -0700
committer: Android (Google) Code Review <android-gerrit@google.com> 2012-09-23 13:23:39 -0700
commit: 5a370882f87321629f98f6149ac946a57e25dfa8 (patch)
tree: 1c6edf5c299b7f98e013cdd8a8228e1391dbef4f /services
parent: 11820f7386ce86fd89e9e6b49d9231dce6e1ed07 (diff)
parent: c50f31d213d6764602aed76ed9993d45d33d76d9 (diff)
download: frameworks_base-5a370882f87321629f98f6149ac946a57e25dfa8.zip
frameworks_base-5a370882f87321629f98f6149ac946a57e25dfa8.tar.gz
frameworks_base-5a370882f87321629f98f6149ac946a57e25dfa8.tar.bz2
1 files changed, 28 insertions, 8 deletions
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index 89c0efa..4b4febd 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -1715,6 +1715,7 @@ public class PackageManagerService extends IPackageManager.Stub {
     }
 
     public int[] getPackageGids(String packageName) {
+        final boolean enforcedDefault = isPermissionEnforcedDefault(READ_EXTERNAL_STORAGE);
         // reader
         synchronized (mPackages) {
             PackageParser.Package p = mPackages.get(packageName);
@@ -1726,7 +1727,7 @@ public class PackageManagerService extends IPackageManager.Stub {
                 int[] gids = suid != null ? suid.gids : ps.gids;
 
                 // include GIDs for any unenforced permissions
-                if (!isPermissionEnforcedLocked(READ_EXTERNAL_STORAGE)) {
+                if (!isPermissionEnforcedLocked(READ_EXTERNAL_STORAGE, enforcedDefault)) {
                     final BasePermission basePerm = mSettings.mPermissions.get(
                             READ_EXTERNAL_STORAGE);
                     gids = appendInts(gids, basePerm.gids);
@@ -2054,6 +2055,7 @@ public class PackageManagerService extends IPackageManager.Stub {
     }
 
     public int checkPermission(String permName, String pkgName) {
+        final boolean enforcedDefault = isPermissionEnforcedDefault(permName);
         synchronized (mPackages) {
             PackageParser.Package p = mPackages.get(pkgName);
             if (p != null && p.mExtras != null) {
@@ -2066,7 +2068,7 @@ public class PackageManagerService extends IPackageManager.Stub {
                     return PackageManager.PERMISSION_GRANTED;
                 }
             }
-            if (!isPermissionEnforcedLocked(permName)) {
+            if (!isPermissionEnforcedLocked(permName, enforcedDefault)) {
                 return PackageManager.PERMISSION_GRANTED;
             }
         }
@@ -2074,6 +2076,7 @@ public class PackageManagerService extends IPackageManager.Stub {
     }
 
     public int checkUidPermission(String permName, int uid) {
+        final boolean enforcedDefault = isPermissionEnforcedDefault(permName);
         synchronized (mPackages) {
             Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid));
             if (obj != null) {
@@ -2087,7 +2090,7 @@ public class PackageManagerService extends IPackageManager.Stub {
                     return PackageManager.PERMISSION_GRANTED;
                 }
             }
-            if (!isPermissionEnforcedLocked(permName)) {
+            if (!isPermissionEnforcedLocked(permName, enforcedDefault)) {
                 return PackageManager.PERMISSION_GRANTED;
             }
         }
@@ -10133,19 +10136,36 @@ public class PackageManagerService extends IPackageManager.Stub {
 
     @Override
     public boolean isPermissionEnforced(String permission) {
+        final boolean enforcedDefault = isPermissionEnforcedDefault(permission);
         synchronized (mPackages) {
-            return isPermissionEnforcedLocked(permission);
+            return isPermissionEnforcedLocked(permission, enforcedDefault);
         }
     }
 
-    private boolean isPermissionEnforcedLocked(String permission) {
+    /**
+     * Check if given permission should be enforced by default. Should always be
+     * called outside of {@link #mPackages} lock.
+     */
+    private boolean isPermissionEnforcedDefault(String permission) {
+        if (READ_EXTERNAL_STORAGE.equals(permission)) {
+            return Secure.getInt(mContext.getContentResolver(),
+                    Secure.READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT, 0) != 0;
+        } else {
+            return true;
+        }
+    }
+
+    /**
+     * Check if user has requested that given permission be enforced, using
+     * given default if undefined.
+     */
+    private boolean isPermissionEnforcedLocked(String permission, boolean enforcedDefault) {
         if (READ_EXTERNAL_STORAGE.equals(permission)) {
             if (mSettings.mReadExternalStorageEnforced != null) {
                 return mSettings.mReadExternalStorageEnforced;
             } else {
-                // if user hasn't defined, fall back to secure default
-                return Secure.getInt(mContext.getContentResolver(),
-                        Secure.READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT, 0) != 0;
+                // User hasn't defined; fall back to secure default
+                return enforcedDefault;
             }
         } else {
             return true;
author	Jeff Sharkey <jsharkey@android.com>	2012-09-23 13:23:27 -0700
committer	Android (Google) Code Review <android-gerrit@google.com>	2012-09-23 13:23:39 -0700
commit	5a370882f87321629f98f6149ac946a57e25dfa8 (patch)
tree	1c6edf5c299b7f98e013cdd8a8228e1391dbef4f /services
parent	11820f7386ce86fd89e9e6b49d9231dce6e1ed07 (diff)
parent	c50f31d213d6764602aed76ed9993d45d33d76d9 (diff)
download	frameworks_base-5a370882f87321629f98f6149ac946a57e25dfa8.zip frameworks_base-5a370882f87321629f98f6149ac946a57e25dfa8.tar.gz frameworks_base-5a370882f87321629f98f6149ac946a57e25dfa8.tar.bz2