Enforce READ_EXTERNAL through Settings.Secure.
Always defers to user-defined setting, when present.
Bug: 6389556
Change-Id: I079d2a41b772facfdac74eefc4c8072fc9284f97
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index a48924e..2baad62 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -23,7 +23,6 @@
import android.content.Intent;
import android.content.IntentFilter;
import android.content.IntentSender;
-import android.content.pm.ManifestDigest;
import android.content.res.Resources;
import android.content.res.XmlResourceParser;
import android.graphics.drawable.Drawable;
@@ -1090,10 +1089,6 @@
public static final String EXTRA_VERIFICATION_INSTALL_FLAGS
= "android.content.pm.extra.VERIFICATION_INSTALL_FLAGS";
- /** {@hide} */
- // TODO: enable this for userdebug and eng builds; see 6389556
- public static final boolean DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE = false;
-
/**
* Retrieve overall information about an application package that is
* installed on the system.
diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
index 497e66e8..ea3cab4 100644
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -4253,6 +4253,10 @@
/** Timeout for package verification. {@hide} */
public static final String PACKAGE_VERIFIER_TIMEOUT = "verifier_timeout";
+ /** {@hide} */
+ public static final String
+ READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT = "read_external_storage_enforced_default";
+
/**
* Duration in milliseconds before pre-authorized URIs for the contacts
* provider should expire.
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index d41cd5a..d7c5eea 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -98,6 +98,7 @@
import android.os.SystemClock;
import android.os.SystemProperties;
import android.os.UserId;
+import android.provider.Settings.Secure;
import android.security.SystemKeyStore;
import android.util.DisplayMetrics;
import android.util.EventLog;
@@ -9259,7 +9260,8 @@
mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
if (READ_EXTERNAL_STORAGE.equals(permission)) {
synchronized (mPackages) {
- if (mSettings.mReadExternalStorageEnforced != enforced) {
+ if (mSettings.mReadExternalStorageEnforced == null
+ || mSettings.mReadExternalStorageEnforced != enforced) {
mSettings.mReadExternalStorageEnforced = enforced;
mSettings.writeLPr();
@@ -9284,7 +9286,6 @@
@Override
public boolean isPermissionEnforced(String permission) {
- mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
synchronized (mPackages) {
return isPermissionEnforcedLocked(permission);
}
@@ -9292,7 +9293,13 @@
private boolean isPermissionEnforcedLocked(String permission) {
if (READ_EXTERNAL_STORAGE.equals(permission)) {
- return mSettings.mReadExternalStorageEnforced;
+ if (mSettings.mReadExternalStorageEnforced != null) {
+ return mSettings.mReadExternalStorageEnforced;
+ } else {
+ // if user hasn't defined, fall back to secure default
+ return Secure.getInt(mContext.getContentResolver(),
+ Secure.READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT, 0) != 0;
+ }
} else {
return true;
}
diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java
index d0eda2d..ffb69fa 100644
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@@ -111,7 +111,7 @@
int mInternalSdkPlatform;
int mExternalSdkPlatform;
- boolean mReadExternalStorageEnforced = PackageManager.DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE;
+ Boolean mReadExternalStorageEnforced;
/** Device identity for the purpose of package verification. */
private VerifierDeviceIdentity mVerifierDeviceIdentity;
@@ -1147,8 +1147,7 @@
serializer.endTag(null, "verifier");
}
- if (mReadExternalStorageEnforced
- != PackageManager.DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE) {
+ if (mReadExternalStorageEnforced != null) {
serializer.startTag(null, TAG_READ_EXTERNAL_STORAGE);
serializer.attribute(
null, ATTR_ENFORCEMENT, mReadExternalStorageEnforced ? "1" : "0");