Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / providers / MediaProvider / 392dde650378f52e031ef0bf0dac5f4697311bcd^1..392dde650378f52e031ef0bf0dac5f4697311bcd / .
commit392dde650378f52e031ef0bf0dac5f4697311bcd[log] [tgz]
authorTreeHugger Robot <treehugger-gerrit@google.com>Wed Dec 16 20:11:18 2020 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>Wed Dec 16 20:11:18 2020 +0000
tree1bb20b3738c3aa3fb563b0d1ac3ef9ab02beeaa5
parent1893ad2ca94e9fa3747e158950d466aa4e66e3b0 [diff]
parent5298b8489794b42435260f5afe55449a1c61e6ca [diff]
Merge "Use AppOp value from local identity cache." into mainline-prod
diff --git a/src/com/android/providers/media/LocalCallingIdentity.java b/src/com/android/providers/media/LocalCallingIdentity.java
index ba22182..56e11bc 100644
--- a/src/com/android/providers/media/LocalCallingIdentity.java
+++ b/src/com/android/providers/media/LocalCallingIdentity.java

@@ -21,6 +21,7 @@
 import static android.app.AppOpsManager.permissionToOp;
 import static android.content.pm.PackageManager.PERMISSION_DENIED;
 
+import static com.android.providers.media.util.PermissionUtils.checkAppOpRequestInstallPackagesForSharedUid;
 import static com.android.providers.media.util.PermissionUtils.checkIsLegacyStorageGranted;
 import static com.android.providers.media.util.PermissionUtils.checkPermissionDelegator;
 import static com.android.providers.media.util.PermissionUtils.checkPermissionInstallPackages;
@@ -216,9 +217,17 @@
     public static final int PERMISSION_WRITE_IMAGES = 1 << 21;
 
     public static final int PERMISSION_IS_SYSTEM_GALLERY = 1 << 22;
+    /**
+     * Explicitly checks **only** for INSTALL_PACKAGES runtime permission.
+     */
     public static final int PERMISSION_INSTALL_PACKAGES = 1 << 23;
     public static final int PERMISSION_WRITE_EXTERNAL_STORAGE = 1 << 24;
 
+    /**
+     * Checks if REQUEST_INSTALL_PACKAGES app-op is allowed for any package sharing this UID.
+     */
+    public static final int APPOP_REQUEST_INSTALL_PACKAGES_FOR_SHARED_UID = 1 << 25;
+
     private int hasPermission;
     private int hasPermissionResolved;
 
@@ -287,6 +296,9 @@
             case PERMISSION_INSTALL_PACKAGES:
                 return checkPermissionInstallPackages(
                         context, pid, uid, getPackageName(), attributionTag);
+            case APPOP_REQUEST_INSTALL_PACKAGES_FOR_SHARED_UID:
+                return checkAppOpRequestInstallPackagesForSharedUid(
+                        context, uid, getSharedPackageNames(), attributionTag);
             default:
                 return false;
         }

diff --git a/src/com/android/providers/media/MediaProvider.java b/src/com/android/providers/media/MediaProvider.java
index bb93287..2b23dd6 100644
--- a/src/com/android/providers/media/MediaProvider.java
+++ b/src/com/android/providers/media/MediaProvider.java

@@ -39,6 +39,7 @@
 
 import static com.android.providers.media.DatabaseHelper.EXTERNAL_DATABASE_NAME;
 import static com.android.providers.media.DatabaseHelper.INTERNAL_DATABASE_NAME;
+import static com.android.providers.media.LocalCallingIdentity.APPOP_REQUEST_INSTALL_PACKAGES_FOR_SHARED_UID;
 import static com.android.providers.media.LocalCallingIdentity.PERMISSION_INSTALL_PACKAGES;
 import static com.android.providers.media.LocalCallingIdentity.PERMISSION_IS_DELEGATOR;
 import static com.android.providers.media.LocalCallingIdentity.PERMISSION_IS_LEGACY_GRANTED;
@@ -7559,14 +7560,7 @@
         // one of the packages has the appop granted.
         // To maintain consistency of access in primary volume and secondary volumes use the same
         // logic as we do for Zygote.MOUNT_EXTERNAL_INSTALLER view.
-        // TODO (b/173600911): Improve performance by caching this info.
-        for (String uidPackageName : mCallingIdentity.get().getSharedPackageNames()) {
-            if (mAppOpsManager.unsafeCheckOpRawNoThrow(AppOpsManager.OPSTR_REQUEST_INSTALL_PACKAGES,
-                    uid, uidPackageName) == AppOpsManager.MODE_ALLOWED) {
-                return true;
-            }
-        }
-        return false;
+        return mCallingIdentity.get().hasPermission(APPOP_REQUEST_INSTALL_PACKAGES_FOR_SHARED_UID);
     }
 
     private boolean isCallingIdentityDownloadProvider(int uid) {

diff --git a/src/com/android/providers/media/util/PermissionUtils.java b/src/com/android/providers/media/util/PermissionUtils.java
index 9593b18..349e4a4 100644
--- a/src/com/android/providers/media/util/PermissionUtils.java
+++ b/src/com/android/providers/media/util/PermissionUtils.java

@@ -23,6 +23,7 @@
 import static android.Manifest.permission.UPDATE_DEVICE_STATS;
 import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
 import static android.app.AppOpsManager.MODE_ALLOWED;
+import static android.app.AppOpsManager.OPSTR_REQUEST_INSTALL_PACKAGES;
 import static android.app.AppOpsManager.OPSTR_LEGACY_STORAGE;
 import static android.app.AppOpsManager.OPSTR_READ_MEDIA_AUDIO;
 import static android.app.AppOpsManager.OPSTR_READ_MEDIA_IMAGES;
@@ -206,6 +207,20 @@
                 generateAppOpMessage(packageName, sOpDescription.get()));
     }
 
+    /**
+     * Returns {@code true} if any package for the given uid has request_install_packages app op.
+     */
+    public static boolean checkAppOpRequestInstallPackagesForSharedUid(@NonNull Context context,
+            int uid, @NonNull String[] sharedPackageNames, @Nullable String attributionTag) {
+        for (String packageName : sharedPackageNames) {
+            if (checkAppOp(context, OPSTR_REQUEST_INSTALL_PACKAGES, uid, packageName,
+                    attributionTag, generateAppOpMessage(packageName, sOpDescription.get()))) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     @VisibleForTesting
     static boolean checkNoIsolatedStorageGranted(@NonNull Context context, int uid,
             @NonNull String packageName, @Nullable String attributionTag) {