summaryrefslogtreecommitdiffstats
path: root/services/java
diff options
context:
space:
mode:
Diffstat (limited to 'services/java')
-rw-r--r--services/java/com/android/server/pm/PackageManagerService.java50
-rw-r--r--services/java/com/android/server/pm/Settings.java21
2 files changed, 70 insertions, 1 deletions
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index 9f45eff..bc98f86 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -20,6 +20,10 @@ import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_USER;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED;
+import static android.content.pm.PackageManager.ENFORCEMENT_DEFAULT;
+import static android.content.pm.PackageManager.ENFORCEMENT_YES;
+import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
+import static android.Manifest.permission.GRANT_REVOKE_PERMISSIONS;
import static libcore.io.OsConstants.S_ISLNK;
import com.android.internal.app.IMediaContainerService;
@@ -1872,6 +1876,9 @@ public class PackageManagerService extends IPackageManager.Stub {
return PackageManager.PERMISSION_GRANTED;
}
}
+ if (!isPermissionEnforcedLocked(permName)) {
+ return PackageManager.PERMISSION_GRANTED;
+ }
}
return PackageManager.PERMISSION_DENIED;
}
@@ -1890,6 +1897,9 @@ public class PackageManagerService extends IPackageManager.Stub {
return PackageManager.PERMISSION_GRANTED;
}
}
+ if (!isPermissionEnforcedLocked(permName)) {
+ return PackageManager.PERMISSION_GRANTED;
+ }
}
return PackageManager.PERMISSION_DENIED;
}
@@ -8835,4 +8845,44 @@ public class PackageManagerService extends IPackageManager.Stub {
public List<UserInfo> getUsers() {
return mUserManager.getUsers();
}
+
+ @Override
+ public void setPermissionEnforcement(String permission, int enforcement) {
+ mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
+ if (READ_EXTERNAL_STORAGE.equals(permission)) {
+ synchronized (mPackages) {
+ if (mSettings.mReadExternalStorageEnforcement != enforcement) {
+ mSettings.mReadExternalStorageEnforcement = enforcement;
+ mSettings.writeLPr();
+ }
+ }
+ } else {
+ throw new IllegalArgumentException("No selective enforcement for " + permission);
+ }
+ }
+
+ @Override
+ public int getPermissionEnforcement(String permission) {
+ mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
+ if (READ_EXTERNAL_STORAGE.equals(permission)) {
+ synchronized (mPackages) {
+ return mSettings.mReadExternalStorageEnforcement;
+ }
+ } else {
+ throw new IllegalArgumentException("No selective enforcement for " + permission);
+ }
+ }
+
+ private boolean isPermissionEnforcedLocked(String permission) {
+ if (READ_EXTERNAL_STORAGE.equals(permission)) {
+ switch (mSettings.mReadExternalStorageEnforcement) {
+ case ENFORCEMENT_DEFAULT:
+ return false;
+ case ENFORCEMENT_YES:
+ return true;
+ }
+ }
+
+ return true;
+ }
}
diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java
index 5da6ac9..363d020 100644
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@@ -20,6 +20,7 @@ import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_USER;
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED;
+import static android.content.pm.PackageManager.ENFORCEMENT_DEFAULT;
import com.android.internal.util.FastXmlSerializer;
import com.android.internal.util.JournaledFile;
@@ -74,6 +75,9 @@ final class Settings {
private static final boolean DEBUG_STOPPED = false;
+ private static final String TAG_READ_EXTERNAL_STORAGE = "read-external-storage";
+ private static final String ATTR_ENFORCEMENT = "enforcement";
+
private final File mSettingsFilename;
private final File mBackupSettingsFilename;
private final File mPackageListFilename;
@@ -91,6 +95,8 @@ final class Settings {
int mInternalSdkPlatform;
int mExternalSdkPlatform;
+ int mReadExternalStorageEnforcement = ENFORCEMENT_DEFAULT;
+
/** Device identity for the purpose of package verification. */
private VerifierDeviceIdentity mVerifierDeviceIdentity;
@@ -864,13 +870,20 @@ final class Settings {
serializer.attribute(null, "internal", Integer.toString(mInternalSdkPlatform));
serializer.attribute(null, "external", Integer.toString(mExternalSdkPlatform));
serializer.endTag(null, "last-platform-version");
-
+
if (mVerifierDeviceIdentity != null) {
serializer.startTag(null, "verifier");
serializer.attribute(null, "device", mVerifierDeviceIdentity.toString());
serializer.endTag(null, "verifier");
}
+ if (mReadExternalStorageEnforcement != ENFORCEMENT_DEFAULT) {
+ serializer.startTag(null, TAG_READ_EXTERNAL_STORAGE);
+ serializer.attribute(
+ null, ATTR_ENFORCEMENT, Integer.toString(mReadExternalStorageEnforcement));
+ serializer.endTag(null, TAG_READ_EXTERNAL_STORAGE);
+ }
+
serializer.startTag(null, "permission-trees");
for (BasePermission bp : mPermissionTrees.values()) {
writePermissionLPr(serializer, bp);
@@ -1291,6 +1304,12 @@ final class Settings {
Slog.w(PackageManagerService.TAG, "Discard invalid verifier device id: "
+ e.getMessage());
}
+ } else if (TAG_READ_EXTERNAL_STORAGE.equals(tagName)) {
+ final String enforcement = parser.getAttributeValue(null, ATTR_ENFORCEMENT);
+ try {
+ mReadExternalStorageEnforcement = Integer.parseInt(enforcement);
+ } catch (NumberFormatException e) {
+ }
} else {
Slog.w(PackageManagerService.TAG, "Unknown element under <packages>: "
+ parser.getName());
generated by cgit v1.1 at 2025-11-13 00:38:37 +0000