Add GIDs to packages.list, update SD card perms.
Write supplementary GIDs to packages.list for lower-level system
components to parse.
WRITE_EXTERNAL_STORAGE also implies sdcard_r GID. Switch to always
enforce READ_EXTERNAL_STORAGE permission. Update permission docs to
mention new behavior.
Change-Id: I316ba4b21beebb387ac05c80980ae9b38235b37d
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index 656080b..78c1c79 100755
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -1792,8 +1792,8 @@
}
}
+ @Override
public int[] getPackageGids(String packageName) {
- final boolean enforcedDefault = isPermissionEnforcedDefault(READ_EXTERNAL_STORAGE);
// reader
synchronized (mPackages) {
PackageParser.Package p = mPackages.get(packageName);
@@ -1801,17 +1801,7 @@
Log.v(TAG, "getPackageGids" + packageName + ": " + p);
if (p != null) {
final PackageSetting ps = (PackageSetting)p.mExtras;
- final SharedUserSetting suid = ps.sharedUser;
- int[] gids = suid != null ? suid.gids : ps.gids;
-
- // include GIDs for any unenforced permissions
- if (!isPermissionEnforcedLocked(READ_EXTERNAL_STORAGE, enforcedDefault)) {
- final BasePermission basePerm = mSettings.mPermissions.get(
- READ_EXTERNAL_STORAGE);
- gids = appendInts(gids, basePerm.gids);
- }
-
- return gids;
+ return ps.getGids();
}
}
// stupid thing to indicate an error.
@@ -2132,7 +2122,6 @@
}
public int checkPermission(String permName, String pkgName) {
- final boolean enforcedDefault = isPermissionEnforcedDefault(permName);
synchronized (mPackages) {
PackageParser.Package p = mPackages.get(pkgName);
if (p != null && p.mExtras != null) {
@@ -2145,15 +2134,11 @@
return PackageManager.PERMISSION_GRANTED;
}
}
- if (!isPermissionEnforcedLocked(permName, enforcedDefault)) {
- return PackageManager.PERMISSION_GRANTED;
- }
}
return PackageManager.PERMISSION_DENIED;
}
public int checkUidPermission(String permName, int uid) {
- final boolean enforcedDefault = isPermissionEnforcedDefault(permName);
synchronized (mPackages) {
Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid));
if (obj != null) {
@@ -2167,9 +2152,6 @@
return PackageManager.PERMISSION_GRANTED;
}
}
- if (!isPermissionEnforcedLocked(permName, enforcedDefault)) {
- return PackageManager.PERMISSION_GRANTED;
- }
}
return PackageManager.PERMISSION_DENIED;
}
@@ -11112,42 +11094,9 @@
}
@Override
+ @Deprecated
public boolean isPermissionEnforced(String permission) {
- final boolean enforcedDefault = isPermissionEnforcedDefault(permission);
- synchronized (mPackages) {
- return isPermissionEnforcedLocked(permission, enforcedDefault);
- }
- }
-
- /**
- * Check if given permission should be enforced by default. Should always be
- * called outside of {@link #mPackages} lock.
- */
- private boolean isPermissionEnforcedDefault(String permission) {
- if (READ_EXTERNAL_STORAGE.equals(permission)) {
- return android.provider.Settings.Global.getInt(mContext.getContentResolver(),
- android.provider.Settings.Global.READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT, 0)
- != 0;
- } else {
- return true;
- }
- }
-
- /**
- * Check if user has requested that given permission be enforced, using
- * given default if undefined.
- */
- private boolean isPermissionEnforcedLocked(String permission, boolean enforcedDefault) {
- if (READ_EXTERNAL_STORAGE.equals(permission)) {
- if (mSettings.mReadExternalStorageEnforced != null) {
- return mSettings.mReadExternalStorageEnforced;
- } else {
- // User hasn't defined; fall back to secure default
- return enforcedDefault;
- }
- } else {
- return true;
- }
+ return true;
}
public boolean isStorageLow() {
diff --git a/services/java/com/android/server/pm/PackageSetting.java b/services/java/com/android/server/pm/PackageSetting.java
index f7f0870..b6f9f5b 100644
--- a/services/java/com/android/server/pm/PackageSetting.java
+++ b/services/java/com/android/server/pm/PackageSetting.java
@@ -52,4 +52,8 @@
+ Integer.toHexString(System.identityHashCode(this))
+ " " + name + "/" + appId + "}";
}
-}
\ No newline at end of file
+
+ public int[] getGids() {
+ return sharedUser != null ? sharedUser.gids : gids;
+ }
+}
diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java
index e78362b..e18202b 100644
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@@ -1385,9 +1385,10 @@
StringBuilder sb = new StringBuilder();
for (final PackageSetting pkg : mPackages.values()) {
- ApplicationInfo ai = pkg.pkg.applicationInfo;
- String dataPath = ai.dataDir;
- boolean isDebug = (ai.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
+ final ApplicationInfo ai = pkg.pkg.applicationInfo;
+ final String dataPath = ai.dataDir;
+ final boolean isDebug = (ai.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
+ final int[] gids = pkg.getGids();
// Avoid any application that has a space in its path
// or that is handled by the system.
@@ -1401,6 +1402,7 @@
// debugFlag - 0 or 1 if the package is debuggable.
// dataPath - path to package's data path
// seinfo - seinfo label for the app (assigned at install time)
+ // gids - supplementary gids this app launches with
//
// NOTE: We prefer not to expose all ApplicationInfo flags for now.
//
@@ -1417,6 +1419,16 @@
sb.append(dataPath);
sb.append(" ");
sb.append(ai.seinfo);
+ sb.append(" ");
+ if (gids != null && gids.length > 0) {
+ sb.append(gids[0]);
+ for (int i = 1; i < gids.length; i++) {
+ sb.append(",");
+ sb.append(gids[i]);
+ }
+ } else {
+ sb.append("none");
+ }
sb.append("\n");
str.write(sb.toString().getBytes());
}
@@ -1425,6 +1437,7 @@
str.close();
journal.commit();
} catch (Exception e) {
+ Log.wtf(TAG, "Failed to write packages.list", e);
IoUtils.closeQuietly(str);
journal.rollback();
}