Add and enforce the permission for encrypting/decrypting.
Change-Id: Ia292d8a5981266c2703743beb79fd786d77b375d
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 9b890fa..08ce256 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1284,6 +1284,13 @@
android:description="@string/permlab_copyProtectedData"
android:protectionLevel="signature" />
+ <!-- Internal permission protecting access to the encryption methods
+ @hide
+ -->
+ <permission android:name="android.permission.CRYPT_KEEPER"
+ android:protectionLevel="signatureOrSystem" />
+
+
<!-- C2DM permission.
@hide Used internally.
-->
diff --git a/services/java/com/android/server/MountService.java b/services/java/com/android/server/MountService.java
index d862585..7440f52 100644
--- a/services/java/com/android/server/MountService.java
+++ b/services/java/com/android/server/MountService.java
@@ -19,6 +19,7 @@
import com.android.internal.app.IMediaContainerService;
import com.android.server.am.ActivityManagerService;
+import android.Manifest;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
@@ -1635,7 +1636,8 @@
throw new IllegalArgumentException("password cannot be null");
}
- // TODO: Enforce a permission
+ mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
+ "no permission to access the crypt keeper");
waitForReady();
@@ -1675,12 +1677,13 @@
throw new IllegalArgumentException("password cannot be null");
}
- // TODO: Enforce a permission
+ mContext.enforceCallingOrSelfPermission(Manifest.permission.CRYPT_KEEPER,
+ "no permission to access the crypt keeper");
waitForReady();
if (DEBUG_EVENTS) {
- Slog.i(TAG, "decrypting storage...");
+ Slog.i(TAG, "encrypting storage...");
}
try {