From edc84ee8392afa0102f098168329db5bb43a6d4b Mon Sep 17 00:00:00 2001 From: Jeff Sharkey Date: Mon, 19 Mar 2012 16:52:26 -0700 Subject: Selective enforcement of READ_EXTERNAL_STORAGE. Store enforcement state of specific permissions, allowing them to be selectively enforced. Currently supports READ_EXTERNAL_STORAGE, which by default isn't enforced, but enforcement can be enabled at runtime. Bug: 6131916 Change-Id: I4bcc215a2eb5e6507d6257b577311cbd13c77acf --- .../android/server/pm/PackageManagerService.java | 50 ++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'services/java/com/android/server/pm/PackageManagerService.java') diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java index 9f45eff..bc98f86 100644 --- a/services/java/com/android/server/pm/PackageManagerService.java +++ b/services/java/com/android/server/pm/PackageManagerService.java @@ -20,6 +20,10 @@ import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_USER; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED; +import static android.content.pm.PackageManager.ENFORCEMENT_DEFAULT; +import static android.content.pm.PackageManager.ENFORCEMENT_YES; +import static android.Manifest.permission.READ_EXTERNAL_STORAGE; +import static android.Manifest.permission.GRANT_REVOKE_PERMISSIONS; import static libcore.io.OsConstants.S_ISLNK; import com.android.internal.app.IMediaContainerService; @@ -1872,6 +1876,9 @@ public class PackageManagerService extends IPackageManager.Stub { return PackageManager.PERMISSION_GRANTED; } } + if (!isPermissionEnforcedLocked(permName)) { + return PackageManager.PERMISSION_GRANTED; + } } return PackageManager.PERMISSION_DENIED; } @@ -1890,6 +1897,9 @@ public class PackageManagerService extends IPackageManager.Stub { return PackageManager.PERMISSION_GRANTED; } } + if (!isPermissionEnforcedLocked(permName)) { + return PackageManager.PERMISSION_GRANTED; + } } return PackageManager.PERMISSION_DENIED; } @@ -8835,4 +8845,44 @@ public class PackageManagerService extends IPackageManager.Stub { public List getUsers() { return mUserManager.getUsers(); } + + @Override + public void setPermissionEnforcement(String permission, int enforcement) { + mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null); + if (READ_EXTERNAL_STORAGE.equals(permission)) { + synchronized (mPackages) { + if (mSettings.mReadExternalStorageEnforcement != enforcement) { + mSettings.mReadExternalStorageEnforcement = enforcement; + mSettings.writeLPr(); + } + } + } else { + throw new IllegalArgumentException("No selective enforcement for " + permission); + } + } + + @Override + public int getPermissionEnforcement(String permission) { + mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null); + if (READ_EXTERNAL_STORAGE.equals(permission)) { + synchronized (mPackages) { + return mSettings.mReadExternalStorageEnforcement; + } + } else { + throw new IllegalArgumentException("No selective enforcement for " + permission); + } + } + + private boolean isPermissionEnforcedLocked(String permission) { + if (READ_EXTERNAL_STORAGE.equals(permission)) { + switch (mSettings.mReadExternalStorageEnforcement) { + case ENFORCEMENT_DEFAULT: + return false; + case ENFORCEMENT_YES: + return true; + } + } + + return true; + } } -- cgit v1.1