Restrict access_mtp permission access to Android/
Ensure only platform signed apps holding the access_mtp permission can
access the sensitive Android/
TODO: On devices without sdcardfs, will also need to give the two new
ext_data_rw and ext_obb_rw gids to these processes. May need to do the
same for apps with pass_through mount mode as well.
Test: MTP app still has sdcard_rw
Bug: 148555237
Change-Id: I140a2ffec8a5887c7cd25d6976ee19555f2a47c1
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index a04f25b..ffdaa65 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -3941,8 +3941,12 @@
final boolean hasMtp = mIPackageManager.checkUidPermission(ACCESS_MTP, uid) ==
PERMISSION_GRANTED;
if (mIsFuseEnabled && hasMtp) {
- // The process hosting the MTP server should be able to write in Android/
- return Zygote.MOUNT_EXTERNAL_ANDROID_WRITABLE;
+ ApplicationInfo ai = mIPackageManager.getApplicationInfo(packageName,
+ 0, UserHandle.getUserId(uid));
+ if (ai.isSignedWithPlatformKey()) {
+ // Platform processes hosting the MTP server should be able to write in Android/
+ return Zygote.MOUNT_EXTERNAL_ANDROID_WRITABLE;
+ }
}
// Determine if caller is holding runtime permission
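Review bot: The result of `mIPackageManager.getApplicationInfo(packageName, 0, UserHandle.getUserId(uid))` is dereferenced at `ai.isSignedWithPlatformKey()` without a null check. That lookup can return null when the package is not found for that user, so the mount-mode decision would throw instead of falling through to the runtime permission check. Suggest `if (ai != null && ai.isSignedWithPlatformKey())` so a failed lookup takes the more restrictive path. It would also help to add a short comment at the end of the `if (mIsFuseEnabled && hasMtp)` block stating that a non-platform holder of ACCESS_MTP intentionally falls through to the checks below, and to extend the Test: line with the negative case (a non-platform app holding the permission does not get MOUNT_EXTERNAL_ANDROID_WRITABLE), since the listed test only covers the platform MTP app.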