Merge "Don't use noteop for preflight checks" into qt-dev
diff --git a/core/java/android/os/Environment.java b/core/java/android/os/Environment.java
index 9e9e68d..ed5c1b1 100644
--- a/core/java/android/os/Environment.java
+++ b/core/java/android/os/Environment.java
@@ -1148,9 +1148,9 @@
final Context context = AppGlobals.getInitialApplication();
final AppOpsManager appOps = context.getSystemService(AppOpsManager.class);
- final boolean hasLegacy = appOps.noteOpNoThrow(AppOpsManager.OP_LEGACY_STORAGE,
+ final boolean hasLegacy = appOps.checkOpNoThrow(AppOpsManager.OP_LEGACY_STORAGE,
context.getApplicationInfo().uid,
- context.getPackageName()) == AppOpsManager.MODE_ALLOWED;
+ context.getOpPackageName()) == AppOpsManager.MODE_ALLOWED;
// STOPSHIP: only use app-op once permission model has fully landed
final boolean requestedLegacy = !AppGlobals.getInitialApplication().getApplicationInfo()
diff --git a/core/java/android/os/storage/StorageManager.java b/core/java/android/os/storage/StorageManager.java
index c57bf91..075b650 100644
--- a/core/java/android/os/storage/StorageManager.java
+++ b/core/java/android/os/storage/StorageManager.java
@@ -1652,6 +1652,26 @@
*/
public static boolean checkPermissionAndAppOp(Context context, boolean enforce,
int pid, int uid, String packageName, String permission, int op) {
+ return checkPermissionAndAppOp(context, enforce, pid, uid, packageName, permission, op,
+ true);
+ }
+
+ /**
+ * Check that given app holds both permission and appop but do not noteOp.
+ * @hide
+ */
+ public static boolean checkPermissionAndCheckOp(Context context, boolean enforce,
+ int pid, int uid, String packageName, String permission, int op) {
+ return checkPermissionAndAppOp(context, enforce, pid, uid, packageName, permission, op,
+ false);
+ }
+
+ /**
+ * Check that given app holds both permission and appop.
+ * @hide
+ */
+ private static boolean checkPermissionAndAppOp(Context context, boolean enforce,
+ int pid, int uid, String packageName, String permission, int op, boolean note) {
if (context.checkPermission(permission, pid, uid) != PERMISSION_GRANTED) {
if (enforce) {
throw new SecurityException(
@@ -1662,7 +1682,21 @@
}
AppOpsManager appOps = context.getSystemService(AppOpsManager.class);
- final int mode = appOps.noteOpNoThrow(op, uid, packageName);
+ final int mode;
+ if (note) {
+ mode = appOps.noteOpNoThrow(op, uid, packageName);
+ } else {
+ try {
+ appOps.checkPackage(uid, packageName);
+ } catch (SecurityException e) {
+ if (enforce) {
+ throw e;
+ } else {
+ return false;
+ }
+ }
+ mode = appOps.checkOpNoThrow(op, uid, packageName);
+ }
switch (mode) {
case AppOpsManager.MODE_ALLOWED:
return true;
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index 0786b18..da9cffa 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -3836,9 +3836,9 @@
}
// Determine if caller is holding runtime permission
- final boolean hasRead = StorageManager.checkPermissionAndAppOp(mContext, false, 0,
+ final boolean hasRead = StorageManager.checkPermissionAndCheckOp(mContext, false, 0,
uid, packageName, READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE);
- final boolean hasWrite = StorageManager.checkPermissionAndAppOp(mContext, false, 0,
+ final boolean hasWrite = StorageManager.checkPermissionAndCheckOp(mContext, false, 0,
uid, packageName, WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE);
// STOPSHIP: remove this temporary hack once we have dynamic runtime
// permissions fully enabled again