tree e4a1b09347294e2a120bb206e68452285e6eeafa
parent 657f85110e9e47fd18bde57f007fe1e10348537f
author Martijn Coenen <maco@google.com> 1620717489 +0200
committer Martijn Coenen <maco@google.com> 1621249104 +0200

Introduce user cache and resolve cross-profile access correctly.

The current MediaProvider code assumed that when a binder call comes in
from a process with a different user-id than ourselves, it is aimed at
the storage of that user. While this is true for clone users (and other
profiles that share media with the parent), it is generally not true for
cross-profile intents like the ones used with a work profile, where an
image from the primary user can be returned to the work profile. When
the work profile resolves such an image, it will go to the owner
MediaProvider, and it should also use the owner database in that case.

To fix this, introduce a user cache that keeps track of the users for
which we are handling storage volumes; if the binder call is coming from
a user for which we are handling storage, use that user-id in the
LocalCallingIdentity; if it's coming from a user-id for which we are not
handling storage, assume it's targeted at the owner user's storage
instead.

Bug: 186889014
Bug: 186893062
Bug: 187289954
Bug: 187386209
Test: TEST_MAPPING; manual CTS Verifier tests described in bugs
Change-Id: I061276998205b9f0908ca2264d3af80415c9cf32
