commit b78b754dc01cf7114b859ad7ab4494699edae6cb
author Jeff Sharkey <jsharkey@android.com> Thu Jan 04 15:07:38 2018 -0700
committer Jeff Sharkey <jsharkey@android.com> Thu Jan 04 15:07:41 2018 -0700
tree 0670dd2046fbe8e66034495b52cf3c7fc21bbd00
parent 60de82d1991a4ef810e44ea6f27a182c2a101e0c

Enforce file transfer restrictions for shell.

If we have a policy that says DISALLOW_USB_FILE_TRANSFER, then block
file transfers for that user through common ContentProviders.

Test: builds, boots
Bug: 64672411
Change-Id: I502b10c2c229727bc6b421f9db6d2d9e2e03845c

packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java

diff --git a/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java b/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java
index f844cc1..2a82fc9 100644
--- a/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java
+++ b/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java
@@ -19,7 +19,6 @@
 import android.annotation.Nullable;
 import android.app.usage.StorageStatsManager;
 import android.content.ContentResolver;
-import android.content.Context;
 import android.content.UriPermission;
 import android.database.Cursor;
 import android.database.MatrixCursor;
@@ -28,7 +27,9 @@
 import android.os.Binder;
 import android.os.Bundle;
 import android.os.Environment;
+import android.os.IBinder;
 import android.os.UserHandle;
+import android.os.UserManager;
 import android.os.storage.DiskInfo;
 import android.os.storage.StorageManager;
 import android.os.storage.VolumeInfo;
@@ -95,6 +96,7 @@
     private static final String ROOT_ID_HOME = "home";
 
     private StorageManager mStorageManager;
+    private UserManager mUserManager;
 
     private final Object mRootsLock = new Object();
 
@@ -105,12 +107,35 @@
     public boolean onCreate() {
         super.onCreate(DEFAULT_DOCUMENT_PROJECTION);
 
-        mStorageManager = (StorageManager) getContext().getSystemService(Context.STORAGE_SERVICE);
+        mStorageManager = getContext().getSystemService(StorageManager.class);
+        mUserManager = getContext().getSystemService(UserManager.class);
 
         updateVolumes();
         return true;
     }
 
+    private void enforceShellRestrictions() {
+        if (UserHandle.getCallingAppId() == android.os.Process.SHELL_UID
+                && mUserManager.hasUserRestriction(UserManager.DISALLOW_USB_FILE_TRANSFER)) {
+            throw new SecurityException(
+                    "Shell user cannot access files for user " + UserHandle.myUserId());
+        }
+    }
+
+    @Override
+    protected int enforceReadPermissionInner(Uri uri, String callingPkg, IBinder callerToken)
+            throws SecurityException {
+        enforceShellRestrictions();
+        return super.enforceReadPermissionInner(uri, callingPkg, callerToken);
+    }
+
+    @Override
+    protected int enforceWritePermissionInner(Uri uri, String callingPkg, IBinder callerToken)
+            throws SecurityException {
+        enforceShellRestrictions();
+        return super.enforceWritePermissionInner(uri, callingPkg, callerToken);
+    }
+
     public void updateVolumes() {
         synchronized (mRootsLock) {
             updateVolumesLocked();