commit f53857716a0db805c51c0cae93550d90e32e4749
author Jeff Sharkey <jsharkey@android.com> Fri May 11 14:04:41 2012 -0700
committer Jeff Sharkey <jsharkey@android.com> Fri May 11 15:31:39 2012 -0700
tree f08bea9fbd41f3299a42c68740d286d614e37f65
parent 0891a89790777e2f88f413351fafe49dda36714f

Enforce READ_EXTERNAL through Settings.Secure.

Always defers to user-defined setting, when present.

Bug: 6389556
Change-Id: I079d2a41b772facfdac74eefc4c8072fc9284f97

core/java/android/content/pm/PackageManager.java

diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index a48924e..2baad62 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -23,7 +23,6 @@
 import android.content.Intent;
 import android.content.IntentFilter;
 import android.content.IntentSender;
-import android.content.pm.ManifestDigest;
 import android.content.res.Resources;
 import android.content.res.XmlResourceParser;
 import android.graphics.drawable.Drawable;
@@ -1090,10 +1089,6 @@
     public static final String EXTRA_VERIFICATION_INSTALL_FLAGS
             = "android.content.pm.extra.VERIFICATION_INSTALL_FLAGS";
 
-    /** {@hide} */
-    // TODO: enable this for userdebug and eng builds; see 6389556
-    public static final boolean DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE = false;
-
     /**
      * Retrieve overall information about an application package that is
      * installed on the system.

core/java/android/provider/Settings.java

diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
index 497e66e8..ea3cab4 100644
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -4253,6 +4253,10 @@
         /** Timeout for package verification. {@hide} */
         public static final String PACKAGE_VERIFIER_TIMEOUT = "verifier_timeout";
 
+        /** {@hide} */
+        public static final String
+                READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT = "read_external_storage_enforced_default";
+
         /**
          * Duration in milliseconds before pre-authorized URIs for the contacts
          * provider should expire.

services/java/com/android/server/pm/PackageManagerService.java

diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index d41cd5a..d7c5eea 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -98,6 +98,7 @@
 import android.os.SystemClock;
 import android.os.SystemProperties;
 import android.os.UserId;
+import android.provider.Settings.Secure;
 import android.security.SystemKeyStore;
 import android.util.DisplayMetrics;
 import android.util.EventLog;
@@ -9259,7 +9260,8 @@
         mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
         if (READ_EXTERNAL_STORAGE.equals(permission)) {
             synchronized (mPackages) {
-                if (mSettings.mReadExternalStorageEnforced != enforced) {
+                if (mSettings.mReadExternalStorageEnforced == null
+                        || mSettings.mReadExternalStorageEnforced != enforced) {
                     mSettings.mReadExternalStorageEnforced = enforced;
                     mSettings.writeLPr();
 
@@ -9284,7 +9286,6 @@
 
     @Override
     public boolean isPermissionEnforced(String permission) {
-        mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
         synchronized (mPackages) {
             return isPermissionEnforcedLocked(permission);
         }
@@ -9292,7 +9293,13 @@
 
     private boolean isPermissionEnforcedLocked(String permission) {
         if (READ_EXTERNAL_STORAGE.equals(permission)) {
-            return mSettings.mReadExternalStorageEnforced;
+            if (mSettings.mReadExternalStorageEnforced != null) {
+                return mSettings.mReadExternalStorageEnforced;
+            } else {
+                // if user hasn't defined, fall back to secure default
+                return Secure.getInt(mContext.getContentResolver(),
+                        Secure.READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT, 0) != 0;
+            }
         } else {
             return true;
         }

services/java/com/android/server/pm/Settings.java

diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java
index d0eda2d..ffb69fa 100644
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@@ -111,7 +111,7 @@
     int mInternalSdkPlatform;
     int mExternalSdkPlatform;
 
-    boolean mReadExternalStorageEnforced = PackageManager.DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE;
+    Boolean mReadExternalStorageEnforced;
 
     /** Device identity for the purpose of package verification. */
     private VerifierDeviceIdentity mVerifierDeviceIdentity;
@@ -1147,8 +1147,7 @@
                 serializer.endTag(null, "verifier");
             }
 
-            if (mReadExternalStorageEnforced
-                    != PackageManager.DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE) {
+            if (mReadExternalStorageEnforced != null) {
                 serializer.startTag(null, TAG_READ_EXTERNAL_STORAGE);
                 serializer.attribute(
                         null, ATTR_ENFORCEMENT, mReadExternalStorageEnforced ? "1" : "0");