| /* |
| * Copyright (C) 2006 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.providers.media; |
| |
| import static android.Manifest.permission.ACCESS_MEDIA_LOCATION; |
| import static android.app.AppOpsManager.permissionToOp; |
| import static android.app.PendingIntent.FLAG_CANCEL_CURRENT; |
| import static android.app.PendingIntent.FLAG_IMMUTABLE; |
| import static android.app.PendingIntent.FLAG_ONE_SHOT; |
| import static android.content.ContentResolver.QUERY_ARG_SQL_SELECTION; |
| import static android.content.ContentResolver.QUERY_ARG_SQL_SELECTION_ARGS; |
| import static android.content.pm.PackageManager.PERMISSION_GRANTED; |
| import static android.database.Cursor.FIELD_TYPE_BLOB; |
| import static android.provider.CloudMediaProviderContract.EXTRA_ASYNC_CONTENT_PROVIDER; |
| import static android.provider.CloudMediaProviderContract.METHOD_GET_ASYNC_CONTENT_PROVIDER; |
| import static android.provider.MediaStore.Files.FileColumns.MEDIA_TYPE; |
| import static android.provider.MediaStore.Files.FileColumns.MEDIA_TYPE_IMAGE; |
| import static android.provider.MediaStore.Files.FileColumns._SPECIAL_FORMAT; |
| import static android.provider.MediaStore.Files.FileColumns._SPECIAL_FORMAT_NONE; |
| import static android.provider.MediaStore.MATCH_DEFAULT; |
| import static android.provider.MediaStore.MATCH_EXCLUDE; |
| import static android.provider.MediaStore.MATCH_INCLUDE; |
| import static android.provider.MediaStore.MATCH_ONLY; |
| import static android.provider.MediaStore.MY_UID; |
| import static android.provider.MediaStore.PER_USER_RANGE; |
| import static android.provider.MediaStore.QUERY_ARG_DEFER_SCAN; |
| import static android.provider.MediaStore.QUERY_ARG_MATCH_FAVORITE; |
| import static android.provider.MediaStore.QUERY_ARG_MATCH_PENDING; |
| import static android.provider.MediaStore.QUERY_ARG_MATCH_TRASHED; |
| import static android.provider.MediaStore.QUERY_ARG_REDACTED_URI; |
| import static android.provider.MediaStore.QUERY_ARG_RELATED_URI; |
| import static android.provider.MediaStore.VOLUME_EXTERNAL; |
| import static android.provider.MediaStore.getVolumeName; |
| import static android.system.OsConstants.F_GETFL; |
| |
| import static com.android.providers.media.DatabaseHelper.EXTERNAL_DATABASE_NAME; |
| import static com.android.providers.media.DatabaseHelper.INTERNAL_DATABASE_NAME; |
| import static com.android.providers.media.LocalCallingIdentity.APPOP_REQUEST_INSTALL_PACKAGES_FOR_SHARED_UID; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_ACCESS_MTP; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_INSTALL_PACKAGES; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_IS_DELEGATOR; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_IS_LEGACY_GRANTED; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_IS_LEGACY_READ; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_IS_LEGACY_WRITE; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_IS_MANAGER; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_IS_REDACTION_NEEDED; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_IS_SELF; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_IS_SHELL; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_IS_SYSTEM_GALLERY; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_READ_AUDIO; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_READ_IMAGES; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_READ_VIDEO; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_WRITE_AUDIO; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_WRITE_EXTERNAL_STORAGE; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_WRITE_IMAGES; |
| import static com.android.providers.media.LocalCallingIdentity.PERMISSION_WRITE_VIDEO; |
| import static com.android.providers.media.PickerUriResolver.getMediaUri; |
| import static com.android.providers.media.scan.MediaScanner.REASON_DEMAND; |
| import static com.android.providers.media.scan.MediaScanner.REASON_IDLE; |
| import static com.android.providers.media.util.DatabaseUtils.bindList; |
| import static com.android.providers.media.util.FileUtils.DEFAULT_FOLDER_NAMES; |
| import static com.android.providers.media.util.FileUtils.PATTERN_PENDING_FILEPATH_FOR_SQL; |
| import static com.android.providers.media.util.FileUtils.buildPrimaryVolumeFile; |
| import static com.android.providers.media.util.FileUtils.extractDisplayName; |
| import static com.android.providers.media.util.FileUtils.extractFileExtension; |
| import static com.android.providers.media.util.FileUtils.extractFileName; |
| import static com.android.providers.media.util.FileUtils.extractOwnerPackageNameFromRelativePath; |
| import static com.android.providers.media.util.FileUtils.extractPathOwnerPackageName; |
| import static com.android.providers.media.util.FileUtils.extractRelativePath; |
| import static com.android.providers.media.util.FileUtils.extractRelativePathWithDisplayName; |
| import static com.android.providers.media.util.FileUtils.extractTopLevelDir; |
| import static com.android.providers.media.util.FileUtils.extractVolumeName; |
| import static com.android.providers.media.util.FileUtils.extractVolumePath; |
| import static com.android.providers.media.util.FileUtils.fromFuseFile; |
| import static com.android.providers.media.util.FileUtils.getAbsoluteSanitizedPath; |
| import static com.android.providers.media.util.FileUtils.isCrossUserEnabled; |
| import static com.android.providers.media.util.FileUtils.isDataOrObbPath; |
| import static com.android.providers.media.util.FileUtils.isDataOrObbRelativePath; |
| import static com.android.providers.media.util.FileUtils.isDownload; |
| import static com.android.providers.media.util.FileUtils.isExternalMediaDirectory; |
| import static com.android.providers.media.util.FileUtils.isObbOrChildRelativePath; |
| import static com.android.providers.media.util.FileUtils.sanitizePath; |
| import static com.android.providers.media.util.FileUtils.toFuseFile; |
| import static com.android.providers.media.util.Logging.LOGV; |
| import static com.android.providers.media.util.Logging.TAG; |
| import static com.android.providers.media.util.SyntheticPathUtils.REDACTED_URI_ID_PREFIX; |
| import static com.android.providers.media.util.SyntheticPathUtils.REDACTED_URI_ID_SIZE; |
| import static com.android.providers.media.util.SyntheticPathUtils.createSparseFile; |
| import static com.android.providers.media.util.SyntheticPathUtils.extractSyntheticRelativePathSegements; |
| import static com.android.providers.media.util.SyntheticPathUtils.getRedactedRelativePath; |
| import static com.android.providers.media.util.SyntheticPathUtils.isPickerPath; |
| import static com.android.providers.media.util.SyntheticPathUtils.isRedactedPath; |
| import static com.android.providers.media.util.SyntheticPathUtils.isSyntheticPath; |
| |
| import android.annotation.IntDef; |
| import android.app.AppOpsManager; |
| import android.app.AppOpsManager.OnOpActiveChangedListener; |
| import android.app.AppOpsManager.OnOpChangedListener; |
| import android.app.DownloadManager; |
| import android.app.PendingIntent; |
| import android.app.RecoverableSecurityException; |
| import android.app.RemoteAction; |
| import android.app.admin.DevicePolicyManager; |
| import android.app.compat.CompatChanges; |
| import android.compat.annotation.ChangeId; |
| import android.compat.annotation.EnabledAfter; |
| import android.content.BroadcastReceiver; |
| import android.content.ClipData; |
| import android.content.ClipDescription; |
| import android.content.ContentProvider; |
| import android.content.ContentProviderClient; |
| import android.content.ContentProviderOperation; |
| import android.content.ContentProviderResult; |
| import android.content.ContentResolver; |
| import android.content.ContentUris; |
| import android.content.ContentValues; |
| import android.content.Context; |
| import android.content.Intent; |
| import android.content.IntentFilter; |
| import android.content.OperationApplicationException; |
| import android.content.SharedPreferences; |
| import android.content.UriMatcher; |
| import android.content.pm.ApplicationInfo; |
| import android.content.pm.PackageInstaller.SessionInfo; |
| import android.content.pm.PackageManager; |
| import android.content.pm.PackageManager.NameNotFoundException; |
| import android.content.pm.PermissionGroupInfo; |
| import android.content.pm.ProviderInfo; |
| import android.content.res.AssetFileDescriptor; |
| import android.content.res.Configuration; |
| import android.content.res.Resources; |
| import android.database.Cursor; |
| import android.database.MatrixCursor; |
| import android.database.sqlite.SQLiteConstraintException; |
| import android.database.sqlite.SQLiteDatabase; |
| import android.graphics.Bitmap; |
| import android.graphics.BitmapFactory; |
| import android.graphics.drawable.Icon; |
| import android.icu.util.ULocale; |
| import android.media.ExifInterface; |
| import android.media.ThumbnailUtils; |
| import android.mtp.MtpConstants; |
| import android.net.Uri; |
| import android.os.Binder; |
| import android.os.Binder.ProxyTransactListener; |
| import android.os.Build; |
| import android.os.Bundle; |
| import android.os.CancellationSignal; |
| import android.os.Environment; |
| import android.os.IBinder; |
| import android.os.ParcelFileDescriptor; |
| import android.os.ParcelFileDescriptor.OnCloseListener; |
| import android.os.Parcelable; |
| import android.os.Process; |
| import android.os.RemoteException; |
| import android.os.SystemClock; |
| import android.os.Trace; |
| import android.os.UserHandle; |
| import android.os.UserManager; |
| import android.os.storage.StorageManager; |
| import android.os.storage.StorageManager.StorageVolumeCallback; |
| import android.os.storage.StorageVolume; |
| import android.preference.PreferenceManager; |
| import android.provider.AsyncContentProvider; |
| import android.provider.BaseColumns; |
| import android.provider.Column; |
| import android.provider.DeviceConfig; |
| import android.provider.DeviceConfig.OnPropertiesChangedListener; |
| import android.provider.DocumentsContract; |
| import android.provider.ExportedSince; |
| import android.provider.IAsyncContentProvider; |
| import android.provider.MediaStore; |
| import android.provider.MediaStore.Audio; |
| import android.provider.MediaStore.Audio.AudioColumns; |
| import android.provider.MediaStore.Audio.Playlists; |
| import android.provider.MediaStore.Downloads; |
| import android.provider.MediaStore.Files; |
| import android.provider.MediaStore.Files.FileColumns; |
| import android.provider.MediaStore.Images; |
| import android.provider.MediaStore.Images.ImageColumns; |
| import android.provider.MediaStore.MediaColumns; |
| import android.provider.MediaStore.Video; |
| import android.system.ErrnoException; |
| import android.system.Os; |
| import android.system.OsConstants; |
| import android.system.StructStat; |
| import android.text.TextUtils; |
| import android.text.format.DateUtils; |
| import android.util.ArrayMap; |
| import android.util.ArraySet; |
| import android.util.DisplayMetrics; |
| import android.util.Log; |
| import android.util.LongSparseArray; |
| import android.util.Pair; |
| import android.util.Size; |
| import android.util.SparseArray; |
| import android.webkit.MimeTypeMap; |
| |
| import androidx.annotation.GuardedBy; |
| import androidx.annotation.Keep; |
| import androidx.annotation.NonNull; |
| import androidx.annotation.Nullable; |
| import androidx.annotation.RequiresApi; |
| import androidx.annotation.VisibleForTesting; |
| |
| import com.android.modules.utils.BackgroundThread; |
| import com.android.modules.utils.build.SdkLevel; |
| import com.android.providers.media.DatabaseHelper.OnFilesChangeListener; |
| import com.android.providers.media.DatabaseHelper.OnLegacyMigrationListener; |
| import com.android.providers.media.dao.FileRow; |
| import com.android.providers.media.fuse.ExternalStorageServiceImpl; |
| import com.android.providers.media.fuse.FuseDaemon; |
| import com.android.providers.media.metrics.PulledMetrics; |
| import com.android.providers.media.photopicker.PickerDataLayer; |
| import com.android.providers.media.photopicker.PickerSyncController; |
| import com.android.providers.media.photopicker.data.ExternalDbFacade; |
| import com.android.providers.media.photopicker.data.PickerDbFacade; |
| import com.android.providers.media.playlist.Playlist; |
| import com.android.providers.media.scan.MediaScanner; |
| import com.android.providers.media.scan.ModernMediaScanner; |
| import com.android.providers.media.util.CachedSupplier; |
| import com.android.providers.media.util.DatabaseUtils; |
| import com.android.providers.media.util.FileUtils; |
| import com.android.providers.media.util.ForegroundThread; |
| import com.android.providers.media.util.IsoInterface; |
| import com.android.providers.media.util.Logging; |
| import com.android.providers.media.util.LongArray; |
| import com.android.providers.media.util.Metrics; |
| import com.android.providers.media.util.MimeUtils; |
| import com.android.providers.media.util.PermissionUtils; |
| import com.android.providers.media.util.Preconditions; |
| import com.android.providers.media.util.SQLiteQueryBuilder; |
| import com.android.providers.media.util.SpecialFormatDetector; |
| import com.android.providers.media.util.StringUtils; |
| import com.android.providers.media.util.UserCache; |
| import com.android.providers.media.util.XAttrUtils; |
| import com.android.providers.media.util.XmpInterface; |
| |
| import com.google.common.hash.Hashing; |
| |
| import java.io.File; |
| import java.io.FileDescriptor; |
| import java.io.FileInputStream; |
| import java.io.FileNotFoundException; |
| import java.io.FileOutputStream; |
| import java.io.IOException; |
| import java.io.OutputStream; |
| import java.io.PrintWriter; |
| import java.lang.annotation.Retention; |
| import java.lang.annotation.RetentionPolicy; |
| import java.lang.reflect.InvocationTargetException; |
| import java.lang.reflect.Method; |
| import java.nio.charset.StandardCharsets; |
| import java.nio.file.Path; |
| import java.util.ArrayList; |
| import java.util.Arrays; |
| import java.util.Collection; |
| import java.util.HashSet; |
| import java.util.LinkedHashMap; |
| import java.util.List; |
| import java.util.Locale; |
| import java.util.Map; |
| import java.util.Objects; |
| import java.util.Optional; |
| import java.util.Set; |
| import java.util.UUID; |
| import java.util.concurrent.CountDownLatch; |
| import java.util.concurrent.ExecutionException; |
| import java.util.concurrent.TimeUnit; |
| import java.util.concurrent.TimeoutException; |
| import java.util.function.Consumer; |
| import java.util.function.Supplier; |
| import java.util.function.UnaryOperator; |
| import java.util.regex.Matcher; |
| import java.util.regex.Pattern; |
| import java.util.stream.Collectors; |
| |
| /** |
| * Media content provider. See {@link android.provider.MediaStore} for details. |
| * Separate databases are kept for each external storage card we see (using the |
| * card's ID as an index). The content visible at content://media/external/... |
| * changes with the card. |
| */ |
| public class MediaProvider extends ContentProvider { |
| /** |
| * Enables checks to stop apps from inserting and updating to private files via media provider. |
| */ |
| @ChangeId |
| @EnabledAfter(targetSdkVersion = android.os.Build.VERSION_CODES.R) |
| static final long ENABLE_CHECKS_FOR_PRIVATE_FILES = 172100307L; |
| |
| /** |
| * Regex of a selection string that matches a specific ID. |
| */ |
| static final Pattern PATTERN_SELECTION_ID = Pattern.compile( |
| "(?:image_id|video_id)\\s*=\\s*(\\d+)"); |
| |
| /** File access by uid requires the transcoding transform */ |
| private static final int FLAG_TRANSFORM_TRANSCODING = 1 << 0; |
| |
| /** File access by uid is a synthetic path corresponding to a redacted URI */ |
| private static final int FLAG_TRANSFORM_REDACTION = 1 << 1; |
| |
| /** File access by uid is a synthetic path corresponding to a picker URI */ |
| private static final int FLAG_TRANSFORM_PICKER = 1 << 2; |
| |
| /** |
| * These directory names aren't declared in Environment as final variables, and so we need to |
| * have the same values in separate final variables in order to have them considered constant |
| * expressions. |
| * These directory names are intentionally in lower case to ease the case insensitive path |
| * comparison. |
| */ |
| private static final String DIRECTORY_MUSIC_LOWER_CASE = "music"; |
| private static final String DIRECTORY_PODCASTS_LOWER_CASE = "podcasts"; |
| private static final String DIRECTORY_RINGTONES_LOWER_CASE = "ringtones"; |
| private static final String DIRECTORY_ALARMS_LOWER_CASE = "alarms"; |
| private static final String DIRECTORY_NOTIFICATIONS_LOWER_CASE = "notifications"; |
| private static final String DIRECTORY_PICTURES_LOWER_CASE = "pictures"; |
| private static final String DIRECTORY_MOVIES_LOWER_CASE = "movies"; |
| private static final String DIRECTORY_DOWNLOADS_LOWER_CASE = "download"; |
| private static final String DIRECTORY_DCIM_LOWER_CASE = "dcim"; |
| private static final String DIRECTORY_DOCUMENTS_LOWER_CASE = "documents"; |
| private static final String DIRECTORY_AUDIOBOOKS_LOWER_CASE = "audiobooks"; |
| private static final String DIRECTORY_RECORDINGS_LOWER_CASE = "recordings"; |
| private static final String DIRECTORY_ANDROID_LOWER_CASE = "android"; |
| |
| private static final String DIRECTORY_MEDIA = "media"; |
| private static final String DIRECTORY_THUMBNAILS = ".thumbnails"; |
| |
| /** |
| * Hard-coded filename where the current value of |
| * {@link DatabaseHelper#getOrCreateUuid} is persisted on a physical SD card |
| * to help identify stale thumbnail collections. |
| */ |
| private static final String FILE_DATABASE_UUID = ".database_uuid"; |
| |
| /** |
| * Specify what default directories the caller gets full access to. By default, the caller |
| * shouldn't get full access to any default dirs. |
| * But for example, we do an exception for System Gallery apps and allow them full access to: |
| * DCIM, Pictures, Movies. |
| */ |
| private static final String INCLUDED_DEFAULT_DIRECTORIES = |
| "android:included-default-directories"; |
| |
| /** |
| * Value indicating that operations should include database rows matching the criteria defined |
| * by this key only when calling package has write permission to the database row or column is |
| * {@column MediaColumns#IS_PENDING} and is set by FUSE. |
| * <p> |
| * Note that items <em>not</em> matching the criteria will also be included, and as part of this |
| * match no additional write permission checks are carried out for those items. |
| */ |
| private static final int MATCH_VISIBLE_FOR_FILEPATH = 32; |
| |
| private static final int NON_HIDDEN_CACHE_SIZE = 50; |
| |
| /** |
| * This is required as idle maintenance maybe stopped anytime; we do not want to query |
| * and accumulate values to update for a long time, instead we want to batch query and update |
| * by a limited number. |
| */ |
| private static final int IDLE_MAINTENANCE_ROWS_LIMIT = 1000; |
| |
| /** |
| * Where clause to match pending files from FUSE. Pending files from FUSE will not have |
| * PATTERN_PENDING_FILEPATH_FOR_SQL pattern. |
| */ |
| private static final String MATCH_PENDING_FROM_FUSE = String.format("lower(%s) NOT REGEXP '%s'", |
| MediaColumns.DATA, PATTERN_PENDING_FILEPATH_FOR_SQL); |
| |
| /** |
| * This flag is replaced with {@link MediaStore#QUERY_ARG_DEFER_SCAN} from S onwards and only |
| * kept around for app compatibility in R. |
| */ |
| private static final String QUERY_ARG_DO_ASYNC_SCAN = "android:query-arg-do-async-scan"; |
| /** |
| * Enable option to defer the scan triggered as part of MediaProvider#update() |
| */ |
| @ChangeId |
| @EnabledAfter(targetSdkVersion = android.os.Build.VERSION_CODES.R) |
| static final long ENABLE_DEFERRED_SCAN = 180326732L; |
| |
| /** |
| * Enable option to include database rows of files from recently unmounted |
| * volume in MediaProvider#query |
| */ |
| @ChangeId |
| @EnabledAfter(targetSdkVersion = Build.VERSION_CODES.R) |
| static final long ENABLE_INCLUDE_ALL_VOLUMES = 182734110L; |
| |
| /** |
| * Set of {@link Cursor} columns that refer to raw filesystem paths. |
| */ |
| private static final ArrayMap<String, Object> sDataColumns = new ArrayMap<>(); |
| |
| static { |
| sDataColumns.put(MediaStore.MediaColumns.DATA, null); |
| sDataColumns.put(MediaStore.Images.Thumbnails.DATA, null); |
| sDataColumns.put(MediaStore.Video.Thumbnails.DATA, null); |
| sDataColumns.put(MediaStore.Audio.PlaylistsColumns.DATA, null); |
| sDataColumns.put(MediaStore.Audio.AlbumColumns.ALBUM_ART, null); |
| } |
| |
| private static final int sUserId = UserHandle.myUserId(); |
| |
| /** |
| * Please use {@link getDownloadsProviderAuthority()} instead of using this directly. |
| */ |
| private static final String DOWNLOADS_PROVIDER_AUTHORITY = "downloads"; |
| |
| @GuardedBy("mPendingOpenInfo") |
| private final Map<Integer, PendingOpenInfo> mPendingOpenInfo = new ArrayMap<>(); |
| |
| @GuardedBy("mNonHiddenPaths") |
| private final LRUCache<String, Integer> mNonHiddenPaths = new LRUCache<>(NON_HIDDEN_CACHE_SIZE); |
| |
| public void updateVolumes() { |
| mVolumeCache.update(); |
| // Update filters to reflect mounted volumes so users don't get |
| // confused by metadata from ejected volumes |
| ForegroundThread.getExecutor().execute(() -> { |
| mExternalDatabase.setFilterVolumeNames(mVolumeCache.getExternalVolumeNames()); |
| }); |
| } |
| |
| public @NonNull MediaVolume getVolume(@NonNull String volumeName) throws FileNotFoundException { |
| return mVolumeCache.findVolume(volumeName, mCallingIdentity.get().getUser()); |
| } |
| |
| public @NonNull File getVolumePath(@NonNull String volumeName) throws FileNotFoundException { |
| // Ugly hack to keep unit tests passing, where we don't always have a |
| // Context to discover volumes with |
| if (getContext() == null) { |
| return Environment.getExternalStorageDirectory(); |
| } |
| |
| return mVolumeCache.getVolumePath(volumeName, mCallingIdentity.get().getUser()); |
| } |
| |
| public @NonNull String getVolumeId(@NonNull File file) throws FileNotFoundException { |
| return mVolumeCache.getVolumeId(file); |
| } |
| |
| private @NonNull Collection<File> getAllowedVolumePaths(String volumeName) |
| throws FileNotFoundException { |
| // This method is used to verify whether a path belongs to a certain volume name; |
| // we can't always use the calling user's identity here to determine exactly which |
| // volume is meant, because the MediaScanner may scan paths belonging to another user, |
| // eg a clone user. |
| // So, for volumes like external_primary, just return allowed paths for all users. |
| List<UserHandle> users = mUserCache.getUsersCached(); |
| ArrayList<File> allowedPaths = new ArrayList<>(); |
| for (UserHandle user : users) { |
| Collection<File> volumeScanPaths = mVolumeCache.getVolumeScanPaths(volumeName, user); |
| allowedPaths.addAll(volumeScanPaths); |
| } |
| |
| return allowedPaths; |
| } |
| |
| /** |
| * Frees any cache held by MediaProvider. |
| * |
| * @param bytes number of bytes which need to be freed |
| */ |
| public void freeCache(long bytes) { |
| mTranscodeHelper.freeCache(bytes); |
| } |
| |
| public void onAnrDelayStarted(@NonNull String packageName, int uid, int tid, int reason) { |
| mTranscodeHelper.onAnrDelayStarted(packageName, uid, tid, reason); |
| } |
| |
| private volatile Locale mLastLocale = Locale.getDefault(); |
| |
| private StorageManager mStorageManager; |
| private AppOpsManager mAppOpsManager; |
| private PackageManager mPackageManager; |
| private DevicePolicyManager mDevicePolicyManager; |
| private UserManager mUserManager; |
| private PickerUriResolver mPickerUriResolver; |
| |
| private UserCache mUserCache; |
| private VolumeCache mVolumeCache; |
| |
| private int mExternalStorageAuthorityAppId; |
| private int mDownloadsAuthorityAppId; |
| private Size mThumbSize; |
| |
| /** |
| * Map from UID to cached {@link LocalCallingIdentity}. Values are only |
| * maintained in this map while the UID is actively working with a |
| * performance-critical component, such as camera. |
| */ |
| @GuardedBy("mCachedCallingIdentity") |
| private final SparseArray<LocalCallingIdentity> mCachedCallingIdentity = new SparseArray<>(); |
| |
| private final OnOpActiveChangedListener mActiveListener = (code, uid, packageName, active) -> { |
| synchronized (mCachedCallingIdentity) { |
| if (active) { |
| // TODO moltmann: Set correct featureId |
| mCachedCallingIdentity.put(uid, |
| LocalCallingIdentity.fromExternal(getContext(), mUserCache, uid, |
| packageName, null)); |
| } else { |
| mCachedCallingIdentity.remove(uid); |
| } |
| } |
| }; |
| |
| /** |
| * Map from UID to cached {@link LocalCallingIdentity}. Values are only |
| * maintained in this map until there's any change in the appops needed or packages |
| * used in the {@link LocalCallingIdentity}. |
| */ |
| @GuardedBy("mCachedCallingIdentityForFuse") |
| private final SparseArray<LocalCallingIdentity> mCachedCallingIdentityForFuse = |
| new SparseArray<>(); |
| |
| private OnOpChangedListener mModeListener = |
| (op, packageName) -> invalidateLocalCallingIdentityCache(packageName, "op " + op); |
| |
| /** |
| * Retrieves a cached calling identity or creates a new one. Also, always sets the app-op |
| * description for the calling identity. |
| */ |
| private LocalCallingIdentity getCachedCallingIdentityForFuse(int uid) { |
| synchronized (mCachedCallingIdentityForFuse) { |
| PermissionUtils.setOpDescription("via FUSE"); |
| LocalCallingIdentity identity = mCachedCallingIdentityForFuse.get(uid); |
| if (identity == null) { |
| identity = LocalCallingIdentity.fromExternal(getContext(), mUserCache, uid); |
| if (uidToUserId(uid) == sUserId) { |
| mCachedCallingIdentityForFuse.put(uid, identity); |
| } else { |
| // In some app cloning designs, MediaProvider user 0 may |
| // serve requests for apps running as a "clone" user; in |
| // those cases, don't keep a cache for the clone user, since |
| // we don't get any invalidation events for these users. |
| } |
| } |
| return identity; |
| } |
| } |
| |
| /** |
| * Calling identity state about on the current thread. Populated on demand, |
| * and invalidated by {@link #onCallingPackageChanged()} when each remote |
| * call is finished. |
| */ |
| private final ThreadLocal<LocalCallingIdentity> mCallingIdentity = ThreadLocal |
| .withInitial(() -> { |
| PermissionUtils.setOpDescription("via MediaProvider"); |
| synchronized (mCachedCallingIdentity) { |
| final LocalCallingIdentity cached = mCachedCallingIdentity |
| .get(Binder.getCallingUid()); |
| return (cached != null) ? cached |
| : LocalCallingIdentity.fromBinder(getContext(), this, mUserCache); |
| } |
| }); |
| |
| /** |
| * We simply propagate the UID that is being tracked by |
| * {@link LocalCallingIdentity}, which means we accurately blame both |
| * incoming Binder calls and FUSE calls. |
| */ |
| private final ProxyTransactListener mTransactListener = new ProxyTransactListener() { |
| @Override |
| public Object onTransactStarted(IBinder binder, int transactionCode) { |
| if (LOGV) Trace.beginSection(Thread.currentThread().getStackTrace()[5].getMethodName()); |
| return Binder.setCallingWorkSourceUid(mCallingIdentity.get().uid); |
| } |
| |
| @Override |
| public void onTransactEnded(Object session) { |
| final long token = (long) session; |
| Binder.restoreCallingWorkSource(token); |
| if (LOGV) Trace.endSection(); |
| } |
| }; |
| |
| // In memory cache of path<->id mappings, to speed up inserts during media scan |
| @GuardedBy("mDirectoryCache") |
| private final ArrayMap<String, Long> mDirectoryCache = new ArrayMap<>(); |
| |
| private static final String[] sDataOnlyColumn = new String[] { |
| FileColumns.DATA |
| }; |
| |
| private static final String ID_NOT_PARENT_CLAUSE = |
| "_id NOT IN (SELECT parent FROM files WHERE parent IS NOT NULL)"; |
| |
| private static final String CANONICAL = "canonical"; |
| |
| private static final String ALL_VOLUMES = "all_volumes"; |
| |
| private BroadcastReceiver mPackageReceiver = new BroadcastReceiver() { |
| @Override |
| public void onReceive(Context context, Intent intent) { |
| switch (intent.getAction()) { |
| case Intent.ACTION_PACKAGE_REMOVED: |
| case Intent.ACTION_PACKAGE_ADDED: |
| Uri uri = intent.getData(); |
| String pkg = uri != null ? uri.getSchemeSpecificPart() : null; |
| if (pkg != null) { |
| invalidateLocalCallingIdentityCache(pkg, "package " + intent.getAction()); |
| if (Intent.ACTION_PACKAGE_REMOVED.equals(intent.getAction())) { |
| mUserCache.invalidateWorkProfileOwnerApps(pkg); |
| mPickerSyncController.notifyPackageRemoval(pkg); |
| } |
| } else { |
| Log.w(TAG, "Failed to retrieve package from intent: " + intent.getAction()); |
| } |
| break; |
| } |
| } |
| }; |
| |
| private BroadcastReceiver mUserIntentReceiver = new BroadcastReceiver() { |
| @Override |
| public void onReceive(Context context, Intent intent) { |
| switch (intent.getAction()) { |
| case Intent.ACTION_USER_REMOVED: |
| /** |
| * Removing media files for user being deleted. This would impact if the deleted |
| * user have been using same MediaProvider as the current user i.e. when |
| * isMediaSharedWithParent is true.On removal of such user profile, |
| * the owner's MediaProvider would need to clean any media files stored |
| * by the removed user profile. |
| */ |
| UserHandle userToBeRemoved = intent.getParcelableExtra(Intent.EXTRA_USER); |
| if(userToBeRemoved.getIdentifier() != sUserId){ |
| mExternalDatabase.runWithTransaction((db) -> { |
| db.execSQL("delete from files where _user_id=?", |
| new String[]{String.valueOf(userToBeRemoved.getIdentifier())}); |
| return null ; |
| }); |
| } |
| break; |
| } |
| } |
| }; |
| |
| |
| private void invalidateLocalCallingIdentityCache(String packageName, String reason) { |
| synchronized (mCachedCallingIdentityForFuse) { |
| try { |
| Log.i(TAG, "Invalidating LocalCallingIdentity cache for package " + packageName |
| + ". Reason: " + reason); |
| mCachedCallingIdentityForFuse.remove( |
| getContext().getPackageManager().getPackageUid(packageName, 0)); |
| } catch (NameNotFoundException ignored) { |
| } |
| } |
| } |
| |
| private final void updateQuotaTypeForUri(@NonNull Uri uri, int mediaType) { |
| Trace.beginSection("updateQuotaTypeForUri"); |
| File file; |
| try { |
| file = queryForDataFile(uri, null); |
| if (!file.exists()) { |
| // This can happen if an item is inserted in MediaStore before it is created |
| return; |
| } |
| |
| if (mediaType == FileColumns.MEDIA_TYPE_NONE) { |
| // This might be because the file is hidden; but we still want to |
| // attribute its quota to the correct type, so get the type from |
| // the extension instead. |
| mediaType = MimeUtils.resolveMediaType(MimeUtils.resolveMimeType(file)); |
| } |
| |
| updateQuotaTypeForFileInternal(file, mediaType); |
| } catch (FileNotFoundException | IllegalArgumentException e) { |
| // Ignore |
| Log.w(TAG, "Failed to update quota for uri: " + uri, e); |
| return; |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| private final void updateQuotaTypeForFileInternal(File file, int mediaType) { |
| try { |
| switch (mediaType) { |
| case FileColumns.MEDIA_TYPE_AUDIO: |
| mStorageManager.updateExternalStorageFileQuotaType(file, |
| StorageManager.QUOTA_TYPE_MEDIA_AUDIO); |
| break; |
| case FileColumns.MEDIA_TYPE_VIDEO: |
| mStorageManager.updateExternalStorageFileQuotaType(file, |
| StorageManager.QUOTA_TYPE_MEDIA_VIDEO); |
| break; |
| case FileColumns.MEDIA_TYPE_IMAGE: |
| mStorageManager.updateExternalStorageFileQuotaType(file, |
| StorageManager.QUOTA_TYPE_MEDIA_IMAGE); |
| break; |
| default: |
| mStorageManager.updateExternalStorageFileQuotaType(file, |
| StorageManager.QUOTA_TYPE_MEDIA_NONE); |
| break; |
| } |
| } catch (IOException e) { |
| Log.w(TAG, "Failed to update quota type for " + file.getPath(), e); |
| } |
| } |
| |
| /** |
| * Since these operations are in the critical path of apps working with |
| * media, we only collect the {@link Uri} that need to be notified, and all |
| * other side-effect operations are delegated to {@link BackgroundThread} so |
| * that we return as quickly as possible. |
| */ |
| private final OnFilesChangeListener mFilesListener = new OnFilesChangeListener() { |
| @Override |
| public void onInsert(@NonNull DatabaseHelper helper, @NonNull FileRow insertedRow) { |
| handleInsertedRowForFuse(insertedRow.getId()); |
| acceptWithExpansion(helper::notifyInsert, insertedRow.getVolumeName(), |
| insertedRow.getId(), insertedRow.getMediaType(), insertedRow.isDownload()); |
| updateNextRowIdXattr(helper, insertedRow.getId()); |
| helper.postBackground(() -> { |
| if (helper.isExternal()) { |
| // Update the quota type on the filesystem |
| Uri fileUri = MediaStore.Files.getContentUri(insertedRow.getVolumeName(), |
| insertedRow.getId()); |
| updateQuotaTypeForUri(fileUri, insertedRow.getMediaType()); |
| } |
| |
| // Tell our SAF provider so it knows when views are no longer empty |
| MediaDocumentsProvider.onMediaStoreInsert(getContext(), insertedRow.getVolumeName(), |
| insertedRow.getMediaType(), insertedRow.getId()); |
| |
| if (mExternalDbFacade.onFileInserted(insertedRow.getMediaType(), |
| insertedRow.isPending())) { |
| mPickerSyncController.notifyMediaEvent(); |
| } |
| }); |
| } |
| |
| @Override |
| public void onUpdate(@NonNull DatabaseHelper helper, @NonNull FileRow oldRow, |
| @NonNull FileRow newRow) { |
| final boolean isDownload = oldRow.isDownload() || newRow.isDownload(); |
| final Uri fileUri = MediaStore.Files.getContentUri(oldRow.getVolumeName(), |
| oldRow.getId()); |
| handleUpdatedRowForFuse(oldRow.getPath(), oldRow.getOwnerPackageName(), oldRow.getId(), |
| newRow.getId()); |
| handleOwnerPackageNameChange(oldRow.getPath(), oldRow.getOwnerPackageName(), |
| newRow.getOwnerPackageName()); |
| acceptWithExpansion(helper::notifyUpdate, oldRow.getVolumeName(), oldRow.getId(), |
| oldRow.getMediaType(), isDownload); |
| updateNextRowIdXattr(helper, newRow.getId()); |
| helper.postBackground(() -> { |
| if (helper.isExternal()) { |
| // Update the quota type on the filesystem |
| updateQuotaTypeForUri(fileUri, newRow.getMediaType()); |
| } |
| |
| if (mExternalDbFacade.onFileUpdated(oldRow.getId(), |
| oldRow.getMediaType(), newRow.getMediaType(), |
| oldRow.isTrashed(), newRow.isTrashed(), |
| oldRow.isPending(), newRow.isPending(), |
| oldRow.isFavorite(), newRow.isFavorite(), |
| oldRow.getSpecialFormat(), newRow.getSpecialFormat())) { |
| mPickerSyncController.notifyMediaEvent(); |
| } |
| }); |
| |
| if (newRow.getMediaType() != oldRow.getMediaType()) { |
| acceptWithExpansion(helper::notifyUpdate, oldRow.getVolumeName(), oldRow.getId(), |
| newRow.getMediaType(), isDownload); |
| |
| helper.postBackground(() -> { |
| // Invalidate any thumbnails when the media type changes |
| invalidateThumbnails(fileUri); |
| }); |
| } |
| } |
| |
| @Override |
| public void onDelete(@NonNull DatabaseHelper helper, @NonNull FileRow deletedRow) { |
| handleDeletedRowForFuse(deletedRow.getPath(), deletedRow.getOwnerPackageName(), |
| deletedRow.getId()); |
| acceptWithExpansion(helper::notifyDelete, deletedRow.getVolumeName(), |
| deletedRow.getId(), deletedRow.getMediaType(), deletedRow.isDownload()); |
| // Remove cached transcoded file if any |
| mTranscodeHelper.deleteCachedTranscodeFile(deletedRow.getId()); |
| |
| helper.postBackground(() -> { |
| // Item no longer exists, so revoke all access to it |
| Trace.beginSection("revokeUriPermission"); |
| try { |
| acceptWithExpansion((uri) -> { |
| getContext().revokeUriPermission(uri, ~0); |
| }, |
| deletedRow.getVolumeName(), deletedRow.getId(), |
| deletedRow.getMediaType(), deletedRow.isDownload()); |
| } finally { |
| Trace.endSection(); |
| } |
| |
| switch (deletedRow.getMediaType()) { |
| case FileColumns.MEDIA_TYPE_PLAYLIST: |
| case FileColumns.MEDIA_TYPE_AUDIO: |
| if (helper.isExternal()) { |
| removePlaylistMembers(deletedRow.getMediaType(), deletedRow.getId()); |
| } |
| } |
| |
| // Invalidate any thumbnails now that media is gone |
| invalidateThumbnails(MediaStore.Files.getContentUri(deletedRow.getVolumeName(), |
| deletedRow.getId())); |
| |
| // Tell our SAF provider so it can revoke too |
| MediaDocumentsProvider.onMediaStoreDelete(getContext(), deletedRow.getVolumeName(), |
| deletedRow.getMediaType(), deletedRow.getId()); |
| |
| if (mExternalDbFacade.onFileDeleted(deletedRow.getId(), |
| deletedRow.getMediaType())) { |
| mPickerSyncController.notifyMediaEvent(); |
| } |
| }); |
| } |
| }; |
| |
| protected void updateNextRowIdXattr(DatabaseHelper helper, long id) { |
| if (!helper.isNextRowIdBackupEnabled()) { |
| Log.v(TAG, "Skipping next row id backup."); |
| return; |
| } |
| |
| Optional<Long> nextRowIdBackupOptional = helper.getNextRowId(); |
| if (!nextRowIdBackupOptional.isPresent()) { |
| throw new RuntimeException( |
| String.format(Locale.ROOT, "Cannot find next row id xattr for %s.", |
| helper.getDatabaseName())); |
| } |
| |
| if (id >= nextRowIdBackupOptional.get()) { |
| helper.backupNextRowId(id); |
| } else { |
| Log.v(TAG, String.format(Locale.ROOT, "Inserted id:%d less than next row id backup:%d.", |
| id, nextRowIdBackupOptional.get())); |
| } |
| } |
| |
| private final UnaryOperator<String> mIdGenerator = path -> { |
| final long rowId = mCallingIdentity.get().getDeletedRowId(path); |
| if (rowId != -1 && isFuseThread()) { |
| return String.valueOf(rowId); |
| } |
| return null; |
| }; |
| |
| /** {@hide} */ |
| public static final OnLegacyMigrationListener MIGRATION_LISTENER = |
| new OnLegacyMigrationListener() { |
| @Override |
| public void onStarted(ContentProviderClient client, String volumeName) { |
| MediaStore.startLegacyMigration(ContentResolver.wrap(client), volumeName); |
| } |
| |
| @Override |
| public void onProgress(ContentProviderClient client, String volumeName, |
| long progress, long total) { |
| // TODO: notify blocked threads of progress once we can change APIs |
| } |
| |
| @Override |
| public void onFinished(ContentProviderClient client, String volumeName) { |
| MediaStore.finishLegacyMigration(ContentResolver.wrap(client), volumeName); |
| } |
| }; |
| |
| /** |
| * Apply {@link Consumer#accept} to the given item. |
| * <p> |
| * Since media items can be exposed through multiple collections or views, |
| * this method expands the single item being accepted to also accept all |
| * relevant views. |
| */ |
| private void acceptWithExpansion(@NonNull Consumer<Uri> consumer, @NonNull String volumeName, |
| long id, int mediaType, boolean isDownload) { |
| switch (mediaType) { |
| case FileColumns.MEDIA_TYPE_AUDIO: |
| consumer.accept(MediaStore.Audio.Media.getContentUri(volumeName, id)); |
| |
| // Any changing audio items mean we probably need to invalidate all |
| // indexed views built from that media |
| consumer.accept(Audio.Genres.getContentUri(volumeName)); |
| consumer.accept(Audio.Playlists.getContentUri(volumeName)); |
| consumer.accept(Audio.Artists.getContentUri(volumeName)); |
| consumer.accept(Audio.Albums.getContentUri(volumeName)); |
| break; |
| |
| case FileColumns.MEDIA_TYPE_VIDEO: |
| consumer.accept(MediaStore.Video.Media.getContentUri(volumeName, id)); |
| break; |
| |
| case FileColumns.MEDIA_TYPE_IMAGE: |
| consumer.accept(MediaStore.Images.Media.getContentUri(volumeName, id)); |
| break; |
| |
| case FileColumns.MEDIA_TYPE_PLAYLIST: |
| consumer.accept(ContentUris.withAppendedId( |
| MediaStore.Audio.Playlists.getContentUri(volumeName), id)); |
| break; |
| } |
| |
| // Also notify through any generic views |
| consumer.accept(MediaStore.Files.getContentUri(volumeName, id)); |
| if (isDownload) { |
| consumer.accept(MediaStore.Downloads.getContentUri(volumeName, id)); |
| } |
| |
| // Rinse and repeat through any synthetic views |
| switch (volumeName) { |
| case MediaStore.VOLUME_INTERNAL: |
| case MediaStore.VOLUME_EXTERNAL: |
| // Already a top-level view, no need to expand |
| break; |
| default: |
| acceptWithExpansion(consumer, MediaStore.VOLUME_EXTERNAL, |
| id, mediaType, isDownload); |
| break; |
| } |
| } |
| |
| /** |
| * Ensure that default folders are created on mounted storage devices. |
| * We only do this once per volume so we don't annoy the user if deleted |
| * manually. |
| */ |
| private void ensureDefaultFolders(@NonNull MediaVolume volume, @NonNull SQLiteDatabase db) { |
| if (volume.isExternallyManaged()) { |
| // Default folders should not be automatically created inside volumes managed from |
| // outside Android. |
| return; |
| } |
| final String volumeName = volume.getName(); |
| String key; |
| if (volumeName.equals(MediaStore.VOLUME_EXTERNAL_PRIMARY)) { |
| // For the primary volume, we use the ID, because we may be handling |
| // the primary volume for multiple users |
| key = "created_default_folders_" + volume.getId(); |
| } else { |
| // For others, like public volumes, just use the name, because the id |
| // might not change when re-formatted |
| key = "created_default_folders_" + volumeName; |
| } |
| |
| final SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(getContext()); |
| if (prefs.getInt(key, 0) == 0) { |
| for (String folderName : DEFAULT_FOLDER_NAMES) { |
| final File folder = new File(volume.getPath(), folderName); |
| if (!folder.exists()) { |
| folder.mkdirs(); |
| insertDirectory(db, folder.getAbsolutePath()); |
| } |
| } |
| |
| SharedPreferences.Editor editor = prefs.edit(); |
| editor.putInt(key, 1); |
| editor.commit(); |
| } |
| } |
| |
| /** |
| * Ensure that any thumbnail collections on the given storage volume can be |
| * used with the given {@link DatabaseHelper}. If the |
| * {@link DatabaseHelper#getOrCreateUuid} doesn't match the UUID found on |
| * disk, then all thumbnails will be considered stable and will be deleted. |
| */ |
| private void ensureThumbnailsValid(@NonNull MediaVolume volume, @NonNull SQLiteDatabase db) { |
| if (volume.isExternallyManaged()) { |
| // Default folders and thumbnail directories should not be automatically created inside |
| // volumes managed from outside Android, and there is no need to ensure the validity of |
| // their thumbnails here. |
| return; |
| } |
| final String uuidFromDatabase = DatabaseHelper.getOrCreateUuid(db); |
| try { |
| for (File dir : getThumbnailDirectories(volume)) { |
| if (!dir.exists()) { |
| dir.mkdirs(); |
| } |
| |
| final File file = new File(dir, FILE_DATABASE_UUID); |
| final Optional<String> uuidFromDisk = FileUtils.readString(file); |
| |
| final boolean updateUuid; |
| if (!uuidFromDisk.isPresent()) { |
| // For newly inserted volumes or upgrading of existing volumes, |
| // assume that our current UUID is valid |
| updateUuid = true; |
| } else if (!Objects.equals(uuidFromDatabase, uuidFromDisk.get())) { |
| // The UUID of database disagrees with the one on disk, |
| // which means we can't trust any thumbnails |
| Log.d(TAG, "Invalidating all thumbnails under " + dir); |
| FileUtils.walkFileTreeContents(dir.toPath(), this::deleteAndInvalidate); |
| updateUuid = true; |
| } else { |
| updateUuid = false; |
| } |
| |
| if (updateUuid) { |
| FileUtils.writeString(file, Optional.of(uuidFromDatabase)); |
| } |
| } |
| } catch (IOException e) { |
| Log.w(TAG, "Failed to ensure thumbnails valid for " + volume.getName(), e); |
| } |
| } |
| |
| @Override |
| public void attachInfo(Context context, ProviderInfo info) { |
| Log.v(TAG, "Attached " + info.authority + " from " + info.applicationInfo.packageName); |
| |
| mUriMatcher = new LocalUriMatcher(info.authority); |
| |
| super.attachInfo(context, info); |
| } |
| |
| @Override |
| public boolean onCreate() { |
| final Context context = getContext(); |
| |
| mUserCache = new UserCache(context); |
| |
| // Shift call statistics back to the original caller |
| Binder.setProxyTransactListener(mTransactListener); |
| |
| mStorageManager = context.getSystemService(StorageManager.class); |
| mAppOpsManager = context.getSystemService(AppOpsManager.class); |
| mPackageManager = context.getPackageManager(); |
| mDevicePolicyManager = context.getSystemService(DevicePolicyManager.class); |
| mUserManager = context.getSystemService(UserManager.class); |
| mVolumeCache = new VolumeCache(context, mUserCache); |
| |
| // Reasonable thumbnail size is half of the smallest screen edge width |
| final DisplayMetrics metrics = context.getResources().getDisplayMetrics(); |
| final int thumbSize = Math.min(metrics.widthPixels, metrics.heightPixels) / 2; |
| mThumbSize = new Size(thumbSize, thumbSize); |
| |
| mMediaScanner = new ModernMediaScanner(context); |
| |
| mInternalDatabase = new DatabaseHelper(context, INTERNAL_DATABASE_NAME, false, false, |
| Column.class, ExportedSince.class, Metrics::logSchemaChange, mFilesListener, |
| MIGRATION_LISTENER, mIdGenerator, true); |
| mExternalDatabase = new DatabaseHelper(context, EXTERNAL_DATABASE_NAME, false, false, |
| Column.class, ExportedSince.class, Metrics::logSchemaChange, mFilesListener, |
| MIGRATION_LISTENER, mIdGenerator, true); |
| mExternalDbFacade = new ExternalDbFacade(getContext(), mExternalDatabase, mVolumeCache); |
| mPickerDbFacade = new PickerDbFacade(context); |
| |
| final String localPickerProvider = PickerSyncController.LOCAL_PICKER_PROVIDER_AUTHORITY; |
| final String allowedCloudProviders = |
| getStringDeviceConfig(PickerSyncController.ALLOWED_CLOUD_PROVIDERS_KEY, |
| /* default */ ""); |
| final int pickerSyncDelayMs = getIntDeviceConfig(PickerSyncController.SYNC_DELAY_MS, |
| /* default */ 5000); |
| |
| mPickerSyncController = new PickerSyncController(context, mPickerDbFacade, |
| localPickerProvider, allowedCloudProviders, pickerSyncDelayMs); |
| mPickerDataLayer = new PickerDataLayer(context, mPickerDbFacade, mPickerSyncController); |
| mPickerUriResolver = new PickerUriResolver(context, mPickerDbFacade); |
| |
| if (SdkLevel.isAtLeastS()) { |
| mTranscodeHelper = new TranscodeHelperImpl(context, this); |
| } else { |
| mTranscodeHelper = new TranscodeHelperNoOp(); |
| } |
| |
| // Create dir for redacted and picker URI paths. |
| buildPrimaryVolumeFile(uidToUserId(MY_UID), getRedactedRelativePath()).mkdirs(); |
| |
| final IntentFilter packageFilter = new IntentFilter(); |
| packageFilter.setPriority(10); |
| packageFilter.addDataScheme("package"); |
| packageFilter.addAction(Intent.ACTION_PACKAGE_ADDED); |
| packageFilter.addAction(Intent.ACTION_PACKAGE_REMOVED); |
| context.registerReceiver(mPackageReceiver, packageFilter); |
| |
| // Creating intent broadcast receiver for user actions like Intent.ACTION_USER_REMOVED, |
| // where we would need to remove files stored by removed user. |
| final IntentFilter userIntentFilter = new IntentFilter(); |
| userIntentFilter.addAction(Intent.ACTION_USER_REMOVED); |
| context.registerReceiver(mUserIntentReceiver, userIntentFilter); |
| |
| // Watch for invalidation of cached volumes |
| mStorageManager.registerStorageVolumeCallback(context.getMainExecutor(), |
| new StorageVolumeCallback() { |
| @Override |
| public void onStateChanged(@NonNull StorageVolume volume) { |
| updateVolumes(); |
| } |
| }); |
| |
| if (SdkLevel.isAtLeastT()) { |
| try { |
| mStorageManager.setCloudMediaProvider(mPickerSyncController.getCloudProvider()); |
| } catch (SecurityException e) { |
| // This can happen in unit tests |
| Log.w(TAG, "Failed to update the system_server with the latest cloud provider", e); |
| } |
| } |
| |
| updateVolumes(); |
| attachVolume(MediaVolume.fromInternal(), /* validate */ false); |
| for (MediaVolume volume : mVolumeCache.getExternalVolumes()) { |
| attachVolume(volume, /* validate */ false); |
| } |
| |
| // Watch for performance-sensitive activity |
| mAppOpsManager.startWatchingActive(new String[] { |
| AppOpsManager.OPSTR_CAMERA |
| }, context.getMainExecutor(), mActiveListener); |
| |
| mAppOpsManager.startWatchingMode(AppOpsManager.OPSTR_READ_EXTERNAL_STORAGE, |
| null /* all packages */, mModeListener); |
| mAppOpsManager.startWatchingMode(AppOpsManager.OPSTR_READ_MEDIA_AUDIO, |
| null /* all packages */, mModeListener); |
| mAppOpsManager.startWatchingMode(AppOpsManager.OPSTR_READ_MEDIA_IMAGES, |
| null /* all packages */, mModeListener); |
| mAppOpsManager.startWatchingMode(AppOpsManager.OPSTR_READ_MEDIA_VIDEO, |
| null /* all packages */, mModeListener); |
| mAppOpsManager.startWatchingMode(AppOpsManager.OPSTR_WRITE_EXTERNAL_STORAGE, |
| null /* all packages */, mModeListener); |
| mAppOpsManager.startWatchingMode(permissionToOp(ACCESS_MEDIA_LOCATION), |
| null /* all packages */, mModeListener); |
| // Legacy apps |
| mAppOpsManager.startWatchingMode(AppOpsManager.OPSTR_LEGACY_STORAGE, |
| null /* all packages */, mModeListener); |
| // File managers |
| mAppOpsManager.startWatchingMode(AppOpsManager.OPSTR_MANAGE_EXTERNAL_STORAGE, |
| null /* all packages */, mModeListener); |
| // Default gallery changes |
| mAppOpsManager.startWatchingMode(AppOpsManager.OPSTR_WRITE_MEDIA_IMAGES, |
| null /* all packages */, mModeListener); |
| mAppOpsManager.startWatchingMode(AppOpsManager.OPSTR_WRITE_MEDIA_VIDEO, |
| null /* all packages */, mModeListener); |
| try { |
| // Here we are forced to depend on the non-public API of AppOpsManager. If |
| // OPSTR_NO_ISOLATED_STORAGE app op is not defined in AppOpsManager, then this call will |
| // throw an IllegalArgumentException during MediaProvider startup. In combination with |
| // MediaProvider's CTS tests it should give us guarantees that OPSTR_NO_ISOLATED_STORAGE |
| // is defined. |
| mAppOpsManager.startWatchingMode(AppOpsManager.OPSTR_NO_ISOLATED_STORAGE, |
| null /* all packages */, mModeListener); |
| } catch (IllegalArgumentException e) { |
| Log.w(TAG, "Failed to start watching " + AppOpsManager.OPSTR_NO_ISOLATED_STORAGE, e); |
| } |
| |
| ProviderInfo provider = mPackageManager.resolveContentProvider( |
| getDownloadsProviderAuthority(), PackageManager.MATCH_DIRECT_BOOT_AWARE |
| | PackageManager.MATCH_DIRECT_BOOT_UNAWARE); |
| if (provider != null) { |
| mDownloadsAuthorityAppId = UserHandle.getAppId(provider.applicationInfo.uid); |
| } |
| |
| provider = mPackageManager.resolveContentProvider(getExternalStorageProviderAuthority(), |
| PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE); |
| if (provider != null) { |
| mExternalStorageAuthorityAppId = UserHandle.getAppId(provider.applicationInfo.uid); |
| } |
| |
| PulledMetrics.initialize(context); |
| return true; |
| } |
| |
| Optional<DatabaseHelper> getDatabaseHelper(String dbName) { |
| if (dbName.equalsIgnoreCase(INTERNAL_DATABASE_NAME)) { |
| return Optional.of(mInternalDatabase); |
| } else if (dbName.equalsIgnoreCase(EXTERNAL_DATABASE_NAME)) { |
| return Optional.of(mExternalDatabase); |
| } |
| |
| return Optional.empty(); |
| } |
| |
| @Override |
| public void onCallingPackageChanged() { |
| // Identity of the current thread has changed, so invalidate caches |
| mCallingIdentity.remove(); |
| } |
| |
| public LocalCallingIdentity clearLocalCallingIdentity() { |
| // We retain the user part of the calling identity, since we are executing |
| // the call on behalf of that user, and we need to maintain the user context |
| // to correctly resolve things like volumes |
| UserHandle user = mCallingIdentity.get().getUser(); |
| return clearLocalCallingIdentity(LocalCallingIdentity.fromSelfAsUser(getContext(), user)); |
| } |
| |
| public LocalCallingIdentity clearLocalCallingIdentity(LocalCallingIdentity replacement) { |
| final LocalCallingIdentity token = mCallingIdentity.get(); |
| mCallingIdentity.set(replacement); |
| return token; |
| } |
| |
| public void restoreLocalCallingIdentity(LocalCallingIdentity token) { |
| mCallingIdentity.set(token); |
| } |
| |
| private boolean isPackageKnown(@NonNull String packageName, int userId) { |
| final Context context = mUserCache.getContextForUser(UserHandle.of(userId)); |
| final PackageManager pm = context.getPackageManager(); |
| |
| // First, is the app actually installed? |
| try { |
| pm.getPackageInfo(packageName, PackageManager.MATCH_UNINSTALLED_PACKAGES); |
| return true; |
| } catch (NameNotFoundException ignored) { |
| } |
| |
| // Second, is the app pending, probably from a backup/restore operation? |
| for (SessionInfo si : pm.getPackageInstaller().getAllSessions()) { |
| if (Objects.equals(packageName, si.getAppPackageName())) { |
| return true; |
| } |
| } |
| |
| // I've never met this package in my life |
| return false; |
| } |
| |
| public void onIdleMaintenance(@NonNull CancellationSignal signal) { |
| final long startTime = SystemClock.elapsedRealtime(); |
| // Trim any stale log files before we emit new events below |
| Logging.trimPersistent(); |
| |
| // Scan all volumes to resolve any staleness |
| for (MediaVolume volume : mVolumeCache.getExternalVolumes()) { |
| // Possibly bail before digging into each volume |
| signal.throwIfCanceled(); |
| |
| try { |
| MediaService.onScanVolume(getContext(), volume, REASON_IDLE); |
| } catch (IOException e) { |
| Log.w(TAG, e); |
| } |
| |
| // Ensure that our thumbnails are valid |
| mExternalDatabase.runWithTransaction((db) -> { |
| ensureThumbnailsValid(volume, db); |
| return null; |
| }); |
| } |
| |
| // Delete any stale thumbnails |
| final int staleThumbnails = mExternalDatabase.runWithTransaction((db) -> { |
| return pruneThumbnails(db, signal); |
| }); |
| Log.d(TAG, "Pruned " + staleThumbnails + " unknown thumbnails"); |
| |
| // Finished orphaning any content whose package no longer exists |
| pruneStalePackages(signal); |
| |
| // Delete the expired items or extend them on mounted volumes |
| final int[] result = deleteOrExtendExpiredItems(signal); |
| final int deletedExpiredMedia = result[0]; |
| Log.d(TAG, "Deleted " + deletedExpiredMedia + " expired items"); |
| Log.d(TAG, "Extended " + result[1] + " expired items"); |
| |
| // Forget any stale volumes |
| deleteStaleVolumes(signal); |
| |
| final long itemCount = mExternalDatabase.runWithTransaction((db) -> { |
| return DatabaseHelper.getItemCount(db); |
| }); |
| |
| // Cleaning media files for users that have been removed |
| cleanMediaFilesForRemovedUser(signal); |
| |
| // Populate _SPECIAL_FORMAT column for files which have column value as NULL |
| detectSpecialFormat(signal); |
| |
| final long durationMillis = (SystemClock.elapsedRealtime() - startTime); |
| Metrics.logIdleMaintenance(MediaStore.VOLUME_EXTERNAL, itemCount, |
| durationMillis, staleThumbnails, deletedExpiredMedia); |
| } |
| |
| /** |
| * This function find and clean the files related to user who have been removed |
| */ |
| private void cleanMediaFilesForRemovedUser(CancellationSignal signal) { |
| //Finding userIds that are available in database |
| final List<String> userIds = mExternalDatabase.runWithTransaction((db) -> { |
| final List<String> userIdsPresent = new ArrayList<>(); |
| try (Cursor c = db.query(true, "files", new String[] { "_user_id" }, |
| null, null, null, null, null, |
| null, signal)) { |
| while (c.moveToNext()) { |
| final String userId = c.getString(0); |
| userIdsPresent.add(userId); |
| } |
| } |
| return userIdsPresent; |
| }); |
| |
| //removing calling userId |
| userIds.remove(String.valueOf(sUserId)); |
| //removing all the valid/existing user, remaining userIds would be users who would have been |
| //removed |
| userIds.removeAll(mUserManager.getEnabledProfiles().stream() |
| .map(userHandle -> String.valueOf(userHandle.getIdentifier())).collect( |
| Collectors.toList())); |
| |
| // Cleaning media files of users who have been removed |
| mExternalDatabase.runWithTransaction((db) -> { |
| userIds.stream().forEach(userId ->{ |
| Log.d(TAG, "Removing media files associated with user : " + userId); |
| db.execSQL("delete from files where _user_id=?", |
| new String[]{String.valueOf(userId)}); |
| }); |
| return null ; |
| }); |
| } |
| |
| private void pruneStalePackages(CancellationSignal signal) { |
| final int stalePackages = mExternalDatabase.runWithTransaction((db) -> { |
| final ArraySet<Pair<String, Integer>> unknownPackages = new ArraySet<>(); |
| try (Cursor c = db.query(true, "files", |
| new String[] { "owner_package_name", "_user_id" }, |
| null, null, null, null, null, null, signal)) { |
| while (c.moveToNext()) { |
| final String packageName = c.getString(0); |
| if (TextUtils.isEmpty(packageName)) continue; |
| |
| final int userId = c.getInt(1); |
| |
| if (!isPackageKnown(packageName, userId)) { |
| unknownPackages.add(Pair.create(packageName, userId)); |
| } |
| } |
| } |
| for (Pair<String, Integer> pair : unknownPackages) { |
| onPackageOrphaned(db, pair.first, pair.second); |
| } |
| return unknownPackages.size(); |
| }); |
| Log.d(TAG, "Pruned " + stalePackages + " unknown packages"); |
| } |
| |
| private void deleteStaleVolumes(CancellationSignal signal) { |
| mExternalDatabase.runWithTransaction((db) -> { |
| final Set<String> recentVolumeNames = MediaStore |
| .getRecentExternalVolumeNames(getContext()); |
| final Set<String> knownVolumeNames = new ArraySet<>(); |
| try (Cursor c = db.query(true, "files", new String[] { MediaColumns.VOLUME_NAME }, |
| null, null, null, null, null, null, signal)) { |
| while (c.moveToNext()) { |
| knownVolumeNames.add(c.getString(0)); |
| } |
| } |
| final Set<String> staleVolumeNames = new ArraySet<>(); |
| staleVolumeNames.addAll(knownVolumeNames); |
| staleVolumeNames.removeAll(recentVolumeNames); |
| for (String staleVolumeName : staleVolumeNames) { |
| final int num = db.delete("files", FileColumns.VOLUME_NAME + "=?", |
| new String[] { staleVolumeName }); |
| Log.d(TAG, "Forgot " + num + " stale items from " + staleVolumeName); |
| } |
| return null; |
| }); |
| |
| synchronized (mDirectoryCache) { |
| mDirectoryCache.clear(); |
| } |
| } |
| |
| @VisibleForTesting |
| public void setUriResolver(PickerUriResolver resolver) { |
| Log.w(TAG, "Changing the PickerUriResolver!!! Should only be called during test"); |
| mPickerUriResolver = resolver; |
| } |
| |
| @VisibleForTesting |
| void detectSpecialFormat(@NonNull CancellationSignal signal) { |
| mExternalDatabase.runWithTransaction((db) -> { |
| updateSpecialFormatColumn(db, signal); |
| return null; |
| }); |
| } |
| |
| private void updateSpecialFormatColumn(SQLiteDatabase db, @NonNull CancellationSignal signal) { |
| // This is to ensure we only do a bounded iteration over the rows as updates can fail, and |
| // we don't want to keep running the query/update indefinitely. |
| final int totalRowsToUpdate = getPendingSpecialFormatRowsCount(db,signal); |
| for (int i = 0 ; i < totalRowsToUpdate ; i += IDLE_MAINTENANCE_ROWS_LIMIT) { |
| updateSpecialFormatForLimitedRows(db, signal); |
| } |
| } |
| |
| private int getPendingSpecialFormatRowsCount(SQLiteDatabase db, |
| @NonNull CancellationSignal signal) { |
| try (Cursor c = queryForPendingSpecialFormatColumns(db, /* limit */ null, signal)) { |
| if (c == null) { |
| return 0; |
| } |
| return c.getCount(); |
| } |
| } |
| |
| private void updateSpecialFormatForLimitedRows(SQLiteDatabase db, |
| @NonNull CancellationSignal signal) { |
| final SQLiteQueryBuilder qbForUpdate = getQueryBuilder(TYPE_UPDATE, FILES, |
| Files.getContentUri(VOLUME_EXTERNAL), Bundle.EMPTY, null); |
| // Accumulate all the new SPECIAL_FORMAT updates with their ids |
| ArrayMap<Long, Integer> newSpecialFormatValues = new ArrayMap<>(); |
| final String limit = String.valueOf(IDLE_MAINTENANCE_ROWS_LIMIT); |
| try (Cursor c = queryForPendingSpecialFormatColumns(db, limit, signal)) { |
| while (c.moveToNext() && !signal.isCanceled()) { |
| final long id = c.getLong(0); |
| final String path = c.getString(1); |
| newSpecialFormatValues.put(id, getSpecialFormatValue(path)); |
| } |
| } |
| |
| // Now, update all the new SPECIAL_FORMAT values. |
| final ContentValues values = new ContentValues(); |
| int count = 0; |
| for (long id: newSpecialFormatValues.keySet()) { |
| if (signal.isCanceled()) { |
| return; |
| } |
| |
| values.clear(); |
| values.put(_SPECIAL_FORMAT, newSpecialFormatValues.get(id)); |
| final String selection = MediaColumns._ID + "=?"; |
| final String[] selectionArgs = new String[]{String.valueOf(id)}; |
| if (qbForUpdate.update(db, values, selection, selectionArgs) == 1) { |
| count++; |
| } else { |
| Log.e(TAG, "Unable to update _SPECIAL_FORMAT for id = " + id); |
| } |
| } |
| Log.d(TAG, "Updated _SPECIAL_FORMAT for " + count + " items"); |
| } |
| |
| private int getSpecialFormatValue(String path) { |
| final File file = new File(path); |
| if (!file.exists()) { |
| // We always update special format to none if the file is not found or there is an |
| // error, this is so that we do not repeat over the same column again and again. |
| return _SPECIAL_FORMAT_NONE; |
| } |
| |
| try { |
| return SpecialFormatDetector.detect(file); |
| } catch (Exception e) { |
| // we tried our best, no need to run special detection again and again if it |
| // throws exception once, it is likely to do so everytime. |
| Log.d(TAG, "Failed to detect special format for file: " + file, e); |
| return _SPECIAL_FORMAT_NONE; |
| } |
| } |
| |
| private Cursor queryForPendingSpecialFormatColumns(SQLiteDatabase db, String limit, |
| @NonNull CancellationSignal signal) { |
| // Run special detection for images only |
| final String selection = _SPECIAL_FORMAT + " IS NULL AND " |
| + MEDIA_TYPE + "=" + MEDIA_TYPE_IMAGE; |
| final String[] projection = new String[] { MediaColumns._ID, MediaColumns.DATA }; |
| return db.query(/* distinct */ true, "files", projection, selection, null, null, null, |
| null, limit, signal); |
| } |
| |
| /** |
| * Delete any expired content on mounted volumes. The expired content on unmounted |
| * volumes will be deleted when we forget any stale volumes; we're cautious about |
| * wildly changing clocks, so only delete items within the last week. |
| * If the items are expired more than one week, extend the expired time of them |
| * another one week to avoid data loss with incorrect time zone data. We will |
| * delete it when it is expired next time. |
| * |
| * @param signal the cancellation signal |
| * @return the integer array includes total deleted count and total extended count |
| */ |
| @NonNull |
| private int[] deleteOrExtendExpiredItems(@NonNull CancellationSignal signal) { |
| final long expiredOneWeek = |
| ((System.currentTimeMillis() - DateUtils.WEEK_IN_MILLIS) / 1000); |
| final long now = (System.currentTimeMillis() / 1000); |
| final Long expiredTime = now + (FileUtils.DEFAULT_DURATION_EXTENDED / 1000); |
| final int result[] = mExternalDatabase.runWithTransaction((db) -> { |
| String selection = FileColumns.DATE_EXPIRES + " < " + now; |
| selection += " AND volume_name in " + bindList(MediaStore.getExternalVolumeNames( |
| getContext()).toArray()); |
| String[] projection = new String[]{"volume_name", "_id", |
| FileColumns.DATE_EXPIRES, FileColumns.DATA}; |
| try (Cursor c = db.query(true, "files", projection, selection, null, null, null, null, |
| null, signal)) { |
| int totalDeleteCount = 0; |
| int totalExtendedCount = 0; |
| int index = 0; |
| while (c.moveToNext()) { |
| final String volumeName = c.getString(0); |
| final long id = c.getLong(1); |
| final long dateExpires = c.getLong(2); |
| // we only delete the items that expire in one week |
| if (dateExpires > expiredOneWeek) { |
| totalDeleteCount += delete(Files.getContentUri(volumeName, id), null, null); |
| } else { |
| final String oriPath = c.getString(3); |
| |
| final boolean success = extendExpiredItem(db, oriPath, id, expiredTime, |
| expiredTime + index); |
| if (success) { |
| totalExtendedCount++; |
| } |
| index++; |
| } |
| } |
| return new int[]{totalDeleteCount, totalExtendedCount}; |
| } |
| }); |
| return result; |
| } |
| |
| /** |
| * Extend the expired items by renaming the file to new path with new timestamp and updating the |
| * database for {@link FileColumns#DATA} and {@link FileColumns#DATE_EXPIRES}. If there is |
| * UNIQUE constraint error for FileColumns.DATA, use adjustedExpiredTime and generate the new |
| * path by adjustedExpiredTime. |
| */ |
| private boolean extendExpiredItem(@NonNull SQLiteDatabase db, @NonNull String originalPath, |
| long id, long newExpiredTime, long adjustedExpiredTime) { |
| String newPath = FileUtils.getAbsoluteExtendedPath(originalPath, newExpiredTime); |
| if (newPath == null) { |
| Log.e(TAG, "Couldn't compute path for " + originalPath + " and expired time " |
| + newExpiredTime); |
| return false; |
| } |
| |
| try { |
| if (updateDatabaseForExpiredItem(db, newPath, id, newExpiredTime)) { |
| return renameInLowerFsAndInvalidateFuseDentry(originalPath, newPath); |
| } |
| return false; |
| } catch (SQLiteConstraintException e) { |
| final String errorMessage = |
| "Update database _data from " + originalPath + " to " + newPath + " failed."; |
| Log.d(TAG, errorMessage, e); |
| } |
| |
| // When we update the database for newPath with newExpiredTime, if the new path already |
| // exists in the database, it may raise SQLiteConstraintException. |
| // If there are two expired items that have the same display name in the same directory, |
| // but they have different expired time. E.g. .trashed-123-A.jpg and .trashed-456-A.jpg. |
| // After we rename .trashed-123-A.jpg to .trashed-newExpiredTime-A.jpg, then we rename |
| // .trashed-456-A.jpg to .trashed-newExpiredTime-A.jpg, it raises the exception. For |
| // this case, we will retry it with the adjustedExpiredTime again. |
| newPath = FileUtils.getAbsoluteExtendedPath(originalPath, adjustedExpiredTime); |
| Log.i(TAG, "Retrying to extend expired item with the new path = " + newPath); |
| try { |
| if (updateDatabaseForExpiredItem(db, newPath, id, adjustedExpiredTime)) { |
| return renameInLowerFsAndInvalidateFuseDentry(originalPath, newPath); |
| } |
| } catch (SQLiteConstraintException e) { |
| // If we want to rename one expired item E.g. .trashed-123-A.jpg., and there is another |
| // non-expired trashed/pending item has the same name. E.g. |
| // .trashed-adjustedExpiredTime-A.jpg. When we rename .trashed-123-A.jpg to |
| // .trashed-adjustedExpiredTime-A.jpg, it raises the SQLiteConstraintException. |
| // The smallest unit of the expired time we use is second. It is a very rare case. |
| // When this case is happened, we can handle it in next idle maintenance. |
| final String errorMessage = |
| "Update database _data from " + originalPath + " to " + newPath + " failed."; |
| Log.d(TAG, errorMessage, e); |
| } |
| |
| return false; |
| } |
| |
| private boolean updateDatabaseForExpiredItem(@NonNull SQLiteDatabase db, |
| @NonNull String path, long id, long expiredTime) { |
| final String table = "files"; |
| final String whereClause = MediaColumns._ID + "=?"; |
| final String[] whereArgs = new String[]{String.valueOf(id)}; |
| final ContentValues values = new ContentValues(); |
| values.put(FileColumns.DATA, path); |
| values.put(FileColumns.DATE_EXPIRES, expiredTime); |
| final int count = db.update(table, values, whereClause, whereArgs); |
| return count == 1; |
| } |
| |
| private boolean renameInLowerFsAndInvalidateFuseDentry(@NonNull String originalPath, |
| @NonNull String newPath) { |
| try { |
| Os.rename(originalPath, newPath); |
| invalidateFuseDentry(originalPath); |
| invalidateFuseDentry(newPath); |
| return true; |
| } catch (ErrnoException e) { |
| final String errorMessage = "Rename " + originalPath + " to " + newPath |
| + " in lower file system for extending item failed."; |
| Log.e(TAG, errorMessage, e); |
| } |
| return false; |
| } |
| |
| public void onIdleMaintenanceStopped() { |
| mMediaScanner.onIdleScanStopped(); |
| } |
| |
| /** |
| * Orphan any content of the given package. This will delete Android/media orphaned files from |
| * the database. |
| */ |
| public void onPackageOrphaned(String packageName, int uid) { |
| mExternalDatabase.runWithTransaction((db) -> { |
| final int userId = uid / PER_USER_RANGE; |
| onPackageOrphaned(db, packageName, userId); |
| return null; |
| }); |
| } |
| |
| /** |
| * Orphan any content of the given package from the given database. This will delete |
| * Android/media files from the database if the underlying file no longe exists. |
| */ |
| public void onPackageOrphaned(@NonNull SQLiteDatabase db, |
| @NonNull String packageName, int userId) { |
| // Delete Android/media entries. |
| deleteAndroidMediaEntries(db, packageName, userId); |
| // Orphan rest of entries. |
| orphanEntries(db, packageName, userId); |
| } |
| |
| private void deleteAndroidMediaEntries(SQLiteDatabase db, String packageName, int userId) { |
| String relativePath = "Android/media/" + DatabaseUtils.escapeForLike(packageName) + "/%"; |
| try (Cursor cursor = db.query( |
| "files", |
| new String[] { MediaColumns._ID, MediaColumns.DATA }, |
| "relative_path LIKE ? ESCAPE '\\' AND owner_package_name=? AND _user_id=?", |
| new String[] { relativePath, packageName, "" + userId }, |
| /* groupBy= */ null, |
| /* having= */ null, |
| /* orderBy= */null, |
| /* limit= */ null)) { |
| int countDeleted = 0; |
| if (cursor != null) { |
| while (cursor.moveToNext()) { |
| File file = new File(cursor.getString(1)); |
| // We check for existence to be sure we don't delete files that still exist. |
| // This can happen even if the pair (package, userid) is unknown, |
| // since some framework implementations may rely on special userids. |
| if (!file.exists()) { |
| countDeleted += |
| db.delete("files", "_id=?", new String[]{cursor.getString(0)}); |
| } |
| } |
| } |
| Log.d(TAG, "Deleted " + countDeleted + " Android/media items belonging to " |
| + packageName + " on " + db.getPath()); |
| } |
| } |
| |
| private void orphanEntries( |
| @NonNull SQLiteDatabase db, @NonNull String packageName, int userId) { |
| final ContentValues values = new ContentValues(); |
| values.putNull(FileColumns.OWNER_PACKAGE_NAME); |
| |
| final int countOrphaned = db.update("files", values, |
| "owner_package_name=? AND _user_id=?", new String[] { packageName, "" + userId }); |
| if (countOrphaned > 0) { |
| Log.d(TAG, "Orphaned " + countOrphaned + " items belonging to " |
| + packageName + " on " + db.getPath()); |
| } |
| } |
| |
| public void scanDirectory(File file, int reason) { |
| mMediaScanner.scanDirectory(file, reason); |
| } |
| |
| public Uri scanFile(File file, int reason) { |
| return scanFile(file, reason, null); |
| } |
| |
| public Uri scanFile(File file, int reason, String ownerPackage) { |
| return mMediaScanner.scanFile(file, reason, ownerPackage); |
| } |
| |
| private Uri scanFileAsMediaProvider(File file, int reason) { |
| final LocalCallingIdentity tokenInner = clearLocalCallingIdentity(); |
| try { |
| return scanFile(file, REASON_DEMAND); |
| } finally { |
| restoreLocalCallingIdentity(tokenInner); |
| } |
| } |
| |
| /** |
| * Called when a new file is created through FUSE |
| * |
| * @param file path of the file that was created |
| * |
| * Called from JNI in jni/MediaProviderWrapper.cpp |
| */ |
| @Keep |
| public void onFileCreatedForFuse(String path) { |
| // Make sure we update the quota type of the file |
| BackgroundThread.getExecutor().execute(() -> { |
| File file = new File(path); |
| int mediaType = MimeUtils.resolveMediaType(MimeUtils.resolveMimeType(file)); |
| updateQuotaTypeForFileInternal(file, mediaType); |
| }); |
| } |
| |
| private boolean isAppCloneUserPair(int userId1, int userId2) { |
| UserHandle user1 = UserHandle.of(userId1); |
| UserHandle user2 = UserHandle.of(userId2); |
| if (SdkLevel.isAtLeastS()) { |
| if (mUserCache.userSharesMediaWithParent(user1) |
| || mUserCache.userSharesMediaWithParent(user2)) { |
| return true; |
| } |
| if (Build.VERSION.DEVICE_INITIAL_SDK_INT >= Build.VERSION_CODES.S) { |
| // If we're on S or higher, and we shipped with S or higher, only allow the new |
| // app cloning functionality |
| return false; |
| } |
| // else, fall back to deprecated solution below on updating devices |
| } |
| try { |
| Method isAppCloneUserPair = StorageManager.class.getMethod("isAppCloneUserPair", |
| int.class, int.class); |
| return (Boolean) isAppCloneUserPair.invoke(mStorageManager, userId1, userId2); |
| } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException e) { |
| Log.w(TAG, "isAppCloneUserPair failed. Users: " + userId1 + " and " + userId2); |
| return false; |
| } |
| } |
| |
| /** |
| * Determines whether the passed in userId forms an app clone user pair with user 0. |
| * |
| * @param userId user ID to check |
| * |
| * Called from JNI in jni/MediaProviderWrapper.cpp |
| */ |
| @Keep |
| public boolean isAppCloneUserForFuse(int userId) { |
| if (!isCrossUserEnabled()) { |
| Log.d(TAG, "CrossUser not enabled."); |
| return false; |
| } |
| boolean result = isAppCloneUserPair(0, userId); |
| |
| Log.w(TAG, "isAppCloneUserPair for user " + userId + ": " + result); |
| |
| return result; |
| } |
| |
| /** |
| * Determines if to allow FUSE_LOOKUP for uid. Might allow uids that don't belong to the |
| * MediaProvider user, depending on OEM configuration. |
| * |
| * @param uid linux uid to check |
| * |
| * Called from JNI in jni/MediaProviderWrapper.cpp |
| */ |
| @Keep |
| public boolean shouldAllowLookupForFuse(int uid, int pathUserId) { |
| int callingUserId = uidToUserId(uid); |
| if (!isCrossUserEnabled()) { |
| Log.d(TAG, "CrossUser not enabled. Users: " + callingUserId + " and " + pathUserId); |
| return false; |
| } |
| |
| if (callingUserId != pathUserId && callingUserId != 0 && pathUserId != 0) { |
| Log.w(TAG, "CrossUser at least one user is 0 check failed. Users: " + callingUserId |
| + " and " + pathUserId); |
| return false; |
| } |
| |
| if (mUserCache.isWorkProfile(callingUserId) || mUserCache.isWorkProfile(pathUserId)) { |
| // Cross-user lookup not allowed if one user in the pair has a profile owner app |
| Log.w(TAG, "CrossUser work profile check failed. Users: " + callingUserId + " and " |
| + pathUserId); |
| return false; |
| } |
| |
| boolean result = isAppCloneUserPair(pathUserId, callingUserId); |
| if (result) { |
| Log.i(TAG, "CrossUser allowed. Users: " + callingUserId + " and " + pathUserId); |
| } else { |
| Log.w(TAG, "CrossUser isAppCloneUserPair check failed. Users: " + callingUserId |
| + " and " + pathUserId); |
| } |
| |
| return result; |
| } |
| |
| /** |
| * Called from FUSE to transform a file |
| * |
| * A transform can change the file contents for {@code uid} from {@code src} to {@code dst} |
| * depending on {@code flags}. This allows the FUSE daemon serve different file contents for |
| * the same file to different apps. |
| * |
| * The only supported transform for now is transcoding which re-encodes a file taken in a modern |
| * format like HEVC to a legacy format like AVC. |
| * |
| * @param src file path to transform |
| * @param dst file path to save transformed file |
| * @param flags determines the kind of transform |
| * @param readUid app that called us requesting transform |
| * @param openUid app that originally made the open call |
| * @param mediaCapabilitiesUid app for which the transform decision was made, |
| * 0 if decision was made with openUid |
| * |
| * Called from JNI in jni/MediaProviderWrapper.cpp |
| */ |
| @Keep |
| public boolean transformForFuse(String src, String dst, int transforms, int transformsReason, |
| int readUid, int openUid, int mediaCapabilitiesUid) { |
| if ((transforms & FLAG_TRANSFORM_TRANSCODING) != 0) { |
| if (mTranscodeHelper.isTranscodeFileCached(src, dst)) { |
| Log.d(TAG, "Using transcode cache for " + src); |
| return true; |
| } |
| |
| // In general we always mark the opener as causing transcoding. |
| // However, if the mediaCapabilitiesUid is available then we mark the reader as causing |
| // transcoding. This handles the case where a malicious app might want to take |
| // advantage of mediaCapabilitiesUid by setting it to another app's uid and reading the |
| // media contents itself; in such cases we'd mark the reader (malicious app) for the |
| // cost of transcoding. |
| // |
| // openUid readUid mediaCapabilitiesUid |
| // ------------------------------------------------------------------------------------- |
| // using picker SAF app app |
| // abusive case bad app bad app victim |
| // modern to lega- |
| // -cy sharing modern legacy legacy |
| // |
| // we'd not be here in the below case. |
| // legacy to mode- |
| // -rn sharing legacy modern modern |
| |
| int transcodeUid = openUid; |
| if (mediaCapabilitiesUid > 0) { |
| Log.d(TAG, "Fix up transcodeUid to " + readUid + ". openUid " + openUid |
| + ", mediaCapabilitiesUid " + mediaCapabilitiesUid); |
| transcodeUid = readUid; |
| } |
| return mTranscodeHelper.transcode(src, dst, transcodeUid, transformsReason); |
| } |
| return true; |
| } |
| |
| /** |
| * Called from FUSE to get {@link FileLookupResult} for a {@code path} and {@code uid} |
| * |
| * {@link FileLookupResult} contains transforms, transforms completion status and ioPath |
| * for transform lookup query for a file and uid. |
| * |
| * @param path file path to get transforms for |
| * @param uid app requesting IO form kernel |
| * @param tid FUSE thread id handling IO request from kernel |
| * |
| * Called from JNI in jni/MediaProviderWrapper.cpp |
| */ |
| @Keep |
| public FileLookupResult onFileLookupForFuse(String path, int uid, int tid) { |
| uid = getBinderUidForFuse(uid, tid); |
| final int userId = uidToUserId(uid); |
| |
| if (isSyntheticPath(path, userId)) { |
| if (isRedactedPath(path, userId)) { |
| return handleRedactedFileLookup(uid, path); |
| } else if (isPickerPath(path, userId)) { |
| return handlePickerFileLookup(userId, uid, path); |
| } |
| |
| throw new IllegalStateException("Unexpected synthetic path: " + path); |
| } |
| |
| if (mTranscodeHelper.supportsTranscode(path)) { |
| return handleTranscodedFileLookup(path, uid, tid); |
| } |
| |
| return new FileLookupResult(/* transforms */ 0, uid, /* ioPath */ ""); |
| } |
| |
| private FileLookupResult handleTranscodedFileLookup(String path, int uid, int tid) { |
| final int transformsReason; |
| final PendingOpenInfo info; |
| |
| synchronized (mPendingOpenInfo) { |
| info = mPendingOpenInfo.get(tid); |
| } |
| |
| if (info != null && info.uid == uid) { |
| transformsReason = info.transcodeReason; |
| } else { |
| transformsReason = mTranscodeHelper.shouldTranscode(path, uid, null /* bundle */); |
| } |
| |
| if (transformsReason > 0) { |
| final String ioPath = mTranscodeHelper.prepareIoPath(path, uid); |
| final boolean transformsComplete = mTranscodeHelper.isTranscodeFileCached(path, ioPath); |
| |
| return new FileLookupResult(FLAG_TRANSFORM_TRANSCODING, transformsReason, uid, |
| transformsComplete, /* transformsSupported */ true, ioPath); |
| } |
| |
| return new FileLookupResult(/* transforms */ 0, transformsReason, uid, |
| /* transformsComplete */ true, /* transformsSupported */ true, ""); |
| } |
| |
| private FileLookupResult handleRedactedFileLookup(int uid, @NonNull String path) { |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| final String fileName = extractFileName(path); |
| |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(FileUtils.getContentUriForPath(path)); |
| } catch (VolumeNotFoundException e) { |
| throw new IllegalStateException("Volume not found for file: " + path); |
| } |
| |
| try (final Cursor c = helper.runWithoutTransaction( |
| (db) -> db.query("files", new String[]{MediaColumns.DATA}, |
| FileColumns.REDACTED_URI_ID + "=?", new String[]{fileName}, null, null, |
| null))) { |
| if (c.moveToFirst()) { |
| return new FileLookupResult(FLAG_TRANSFORM_REDACTION, uid, c.getString(0)); |
| } |
| |
| throw new IllegalStateException("Failed to fetch synthetic redacted path: " + path); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| |
| private FileLookupResult handlePickerFileLookup(int userId, int uid, @NonNull String path) { |
| final File file = new File(path); |
| final List<String> syntheticRelativePathSegments = |
| extractSyntheticRelativePathSegements(path, userId); |
| final int segmentCount = syntheticRelativePathSegments.size(); |
| |
| if (segmentCount < 1 || segmentCount > 5) { |
| throw new IllegalStateException("Unexpected synthetic picker path: " + file); |
| } |
| |
| final String lastSegment = syntheticRelativePathSegments.get(segmentCount - 1); |
| |
| boolean result = false; |
| switch (segmentCount) { |
| case 1: |
| // .../picker |
| if (lastSegment.equals("picker")) { |
| result = file.exists() || file.mkdir(); |
| } |
| break; |
| case 2: |
| // .../picker/<user-id> |
| try { |
| Integer.parseInt(lastSegment); |
| result = file.exists() || file.mkdir(); |
| } catch (NumberFormatException e) { |
| Log.w(TAG, "Invalid user id for picker file lookup: " + lastSegment |
| + ". File: " + file); |
| } |
| break; |
| case 3: |
| // .../picker/<user-id>/<authority> |
| result = preparePickerAuthorityPathSegment(file, lastSegment, uid); |
| break; |
| case 4: |
| // .../picker/<user-id>/<authority>/media |
| if (lastSegment.equals("media")) { |
| result = file.exists() || file.mkdir(); |
| } |
| break; |
| case 5: |
| // .../picker/<user-id>/<authority>/media/<media-id.extension> |
| final String fileUserId = syntheticRelativePathSegments.get(1); |
| final String authority = syntheticRelativePathSegments.get(2); |
| result = preparePickerMediaIdPathSegment(file, authority, lastSegment, fileUserId); |
| break; |
| } |
| |
| if (result) { |
| return new FileLookupResult(FLAG_TRANSFORM_PICKER, uid, path); |
| } |
| throw new IllegalStateException("Failed to prepare synthetic picker path: " + file); |
| } |
| |
| private FileOpenResult handlePickerFileOpen(String path, int uid) { |
| final String[] segments = path.split("/"); |
| if (segments.length != 11) { |
| Log.e(TAG, "Picker file open failed. Unexpected segments: " + path); |
| return new FileOpenResult(OsConstants.ENOENT /* status */, uid, /* transformsUid */ 0, |
| new long[0]); |
| } |
| |
| // ['', 'storage', 'emulated', '0', 'transforms', 'synthetic', 'picker', '<user-id>', |
| // '<host>', 'media', '<fileName>'] |
| final String userId = segments[7]; |
| final String fileName = segments[10]; |
| final String host = segments[8]; |
| final String authority = userId + "@" + host; |
| final int lastDotIndex = fileName.lastIndexOf('.'); |
| |
| if (lastDotIndex == -1) { |
| Log.e(TAG, "Picker file open failed. No file extension: " + path); |
| return FileOpenResult.createError(OsConstants.ENOENT, uid); |
| } |
| |
| final String mediaId = fileName.substring(0, lastDotIndex); |
| final Uri uri = getMediaUri(authority).buildUpon().appendPath(mediaId).build(); |
| |
| IBinder binder = getContext().getContentResolver() |
| .call(uri, METHOD_GET_ASYNC_CONTENT_PROVIDER, null, null) |
| .getBinder(EXTRA_ASYNC_CONTENT_PROVIDER); |
| if (binder == null) { |
| Log.e(TAG, "Picker file open failed. No cloud media provider found."); |
| return FileOpenResult.createError(OsConstants.ENOENT, uid); |
| } |
| IAsyncContentProvider iAsyncContentProvider = IAsyncContentProvider.Stub.asInterface( |
| binder); |
| AsyncContentProvider asyncContentProvider = new AsyncContentProvider(iAsyncContentProvider); |
| final ParcelFileDescriptor pfd; |
| try { |
| pfd = asyncContentProvider.openMedia(uri, "r"); |
| } catch (FileNotFoundException | ExecutionException | InterruptedException |
| | TimeoutException | RemoteException e) { |
| Log.e(TAG, "Picker file open failed. Failed to open URI: " + uri, e); |
| return FileOpenResult.createError(OsConstants.ENOENT, uid); |
| } |
| |
| try (FileInputStream fis = new FileInputStream(pfd.getFileDescriptor())) { |
| final String mimeType = MimeUtils.resolveMimeType(new File(path)); |
| final long[] redactionRanges = getRedactionRanges(fis, mimeType).redactionRanges; |
| return new FileOpenResult(0 /* status */, uid, /* transformsUid */ 0, |
| /* nativeFd */ pfd.detachFd(), redactionRanges); |
| } catch (IOException e) { |
| Log.e(TAG, "Picker file open failed. No file extension: " + path, e); |
| return FileOpenResult.createError(OsConstants.ENOENT, uid); |
| } |
| } |
| |
| private boolean preparePickerAuthorityPathSegment(File file, String authority, int uid) { |
| if (mPickerSyncController.isProviderEnabled(authority)) { |
| return file.exists() || file.mkdir(); |
| } |
| |
| return false; |
| } |
| |
| private boolean preparePickerMediaIdPathSegment(File file, String authority, String fileName, |
| String userId) { |
| final String mediaId = extractFileName(fileName); |
| final String[] projection = new String[] { MediaStore.PickerMediaColumns.SIZE }; |
| |
| final Uri uri = Uri.parse("content://media/picker/" + userId + "/" + authority + "/media/" |
| + mediaId); |
| try (Cursor cursor = mPickerUriResolver.query(uri, projection, /* callingUid */0, |
| android.os.Process.myUid())) { |
| if (cursor != null && cursor.moveToFirst()) { |
| final int sizeBytesIdx = cursor.getColumnIndex(MediaStore.PickerMediaColumns.SIZE); |
| |
| if (sizeBytesIdx != -1) { |
| return createSparseFile(file, cursor.getLong(sizeBytesIdx)); |
| } |
| } |
| } |
| |
| return false; |
| } |
| |
| public int getBinderUidForFuse(int uid, int tid) { |
| if (uid != MY_UID) { |
| return uid; |
| } |
| |
| synchronized (mPendingOpenInfo) { |
| PendingOpenInfo info = mPendingOpenInfo.get(tid); |
| if (info == null) { |
| return uid; |
| } |
| return info.uid; |
| } |
| } |
| |
| private static int uidToUserId(int uid) { |
| return uid / PER_USER_RANGE; |
| } |
| |
| /** |
| * Returns true if the app denoted by the given {@code uid} and {@code packageName} is allowed |
| * to clear other apps' cache directories. |
| */ |
| static boolean hasPermissionToClearCaches(Context context, ApplicationInfo ai) { |
| PermissionUtils.setOpDescription("clear app cache"); |
| try { |
| return PermissionUtils.checkPermissionManager(context, /* pid */ -1, ai.uid, |
| ai.packageName, /* attributionTag */ null); |
| } finally { |
| PermissionUtils.clearOpDescription(); |
| } |
| } |
| |
| @VisibleForTesting |
| void computeAudioLocalizedValues(ContentValues values) { |
| try { |
| final String title = values.getAsString(AudioColumns.TITLE); |
| final String titleRes = values.getAsString(AudioColumns.TITLE_RESOURCE_URI); |
| |
| if (!TextUtils.isEmpty(titleRes)) { |
| final String localized = getLocalizedTitle(titleRes); |
| if (!TextUtils.isEmpty(localized)) { |
| values.put(AudioColumns.TITLE, localized); |
| } |
| } else { |
| final String localized = getLocalizedTitle(title); |
| if (!TextUtils.isEmpty(localized)) { |
| values.put(AudioColumns.TITLE, localized); |
| values.put(AudioColumns.TITLE_RESOURCE_URI, title); |
| } |
| } |
| } catch (Exception e) { |
| Log.w(TAG, "Failed to localize title", e); |
| } |
| } |
| |
| @VisibleForTesting |
| static void computeAudioKeyValues(ContentValues values) { |
| computeAudioKeyValue(values, AudioColumns.TITLE, AudioColumns.TITLE_KEY, /* focusId */ |
| null, /* hashValue */ 0); |
| computeAudioKeyValue(values, AudioColumns.ARTIST, AudioColumns.ARTIST_KEY, |
| AudioColumns.ARTIST_ID, /* hashValue */ 0); |
| computeAudioKeyValue(values, AudioColumns.GENRE, AudioColumns.GENRE_KEY, |
| AudioColumns.GENRE_ID, /* hashValue */ 0); |
| computeAudioAlbumKeyValue(values); |
| } |
| |
| /** |
| * To distinguish same-named albums, we append a hash. The hash is |
| * based on the "album artist" tag if present, otherwise on the path of |
| * the parent directory of the audio file. |
| */ |
| private static void computeAudioAlbumKeyValue(ContentValues values) { |
| int hashCode = 0; |
| |
| final String albumArtist = values.getAsString(MediaColumns.ALBUM_ARTIST); |
| if (!TextUtils.isEmpty(albumArtist)) { |
| hashCode = albumArtist.hashCode(); |
| } else { |
| final String path = values.getAsString(MediaColumns.DATA); |
| if (!TextUtils.isEmpty(path)) { |
| hashCode = path.substring(0, path.lastIndexOf('/')).hashCode(); |
| } |
| } |
| |
| computeAudioKeyValue(values, AudioColumns.ALBUM, AudioColumns.ALBUM_KEY, |
| AudioColumns.ALBUM_ID, hashCode); |
| } |
| |
| private static void computeAudioKeyValue(@NonNull ContentValues values, @NonNull String focus, |
| @Nullable String focusKey, @Nullable String focusId, int hashValue) { |
| if (focusKey != null) values.remove(focusKey); |
| if (focusId != null) values.remove(focusId); |
| |
| final String value = values.getAsString(focus); |
| if (TextUtils.isEmpty(value)) return; |
| |
| final String key = Audio.keyFor(value); |
| if (key == null) return; |
| |
| if (focusKey != null) { |
| values.put(focusKey, key); |
| } |
| if (focusId != null) { |
| // Many apps break if we generate negative IDs, so trim off the |
| // highest bit to ensure we're always unsigned |
| final long id = Hashing.farmHashFingerprint64().hashString(key + hashValue, |
| StandardCharsets.UTF_8).asLong() & ~(1L << 63); |
| values.put(focusId, id); |
| } |
| } |
| |
| @Override |
| public Uri canonicalize(Uri uri) { |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final int match = matchUri(uri, allowHidden); |
| |
| // Skip when we have nothing to canonicalize |
| if ("1".equals(uri.getQueryParameter(CANONICAL))) { |
| return uri; |
| } |
| |
| try (Cursor c = queryForSingleItem(uri, null, null, null, null)) { |
| switch (match) { |
| case AUDIO_MEDIA_ID: { |
| final String title = getDefaultTitleFromCursor(c); |
| if (!TextUtils.isEmpty(title)) { |
| final Uri.Builder builder = uri.buildUpon(); |
| builder.appendQueryParameter(AudioColumns.TITLE, title); |
| builder.appendQueryParameter(CANONICAL, "1"); |
| return builder.build(); |
| } |
| break; |
| } |
| case VIDEO_MEDIA_ID: |
| case IMAGES_MEDIA_ID: { |
| final String documentId = c |
| .getString(c.getColumnIndexOrThrow(MediaColumns.DOCUMENT_ID)); |
| if (!TextUtils.isEmpty(documentId)) { |
| final Uri.Builder builder = uri.buildUpon(); |
| builder.appendQueryParameter(MediaColumns.DOCUMENT_ID, documentId); |
| builder.appendQueryParameter(CANONICAL, "1"); |
| return builder.build(); |
| } |
| break; |
| } |
| } |
| } catch (FileNotFoundException e) { |
| Log.w(TAG, e.getMessage()); |
| } |
| return null; |
| } |
| |
| @Override |
| public Uri uncanonicalize(Uri uri) { |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final int match = matchUri(uri, allowHidden); |
| |
| // Skip when we have nothing to uncanonicalize |
| if (!"1".equals(uri.getQueryParameter(CANONICAL))) { |
| return uri; |
| } |
| |
| // Extract values and then clear to avoid recursive lookups |
| final String title = uri.getQueryParameter(AudioColumns.TITLE); |
| final String documentId = uri.getQueryParameter(MediaColumns.DOCUMENT_ID); |
| uri = uri.buildUpon().clearQuery().build(); |
| |
| switch (match) { |
| case AUDIO_MEDIA_ID: { |
| // First check for an exact match |
| try (Cursor c = queryForSingleItem(uri, null, null, null, null)) { |
| if (Objects.equals(title, getDefaultTitleFromCursor(c))) { |
| return uri; |
| } |
| } catch (FileNotFoundException e) { |
| Log.w(TAG, "Trouble resolving " + uri + "; falling back to search: " + e); |
| } |
| |
| // Otherwise fallback to searching |
| final Uri baseUri = ContentUris.removeId(uri); |
| try (Cursor c = queryForSingleItem(baseUri, |
| new String[] { BaseColumns._ID }, |
| AudioColumns.TITLE + "=?", new String[] { title }, null)) { |
| return ContentUris.withAppendedId(baseUri, c.getLong(0)); |
| } catch (FileNotFoundException e) { |
| Log.w(TAG, "Failed to resolve " + uri + ": " + e); |
| return null; |
| } |
| } |
| case VIDEO_MEDIA_ID: |
| case IMAGES_MEDIA_ID: { |
| // First check for an exact match |
| try (Cursor c = queryForSingleItem(uri, null, null, null, null)) { |
| if (Objects.equals(title, getDefaultTitleFromCursor(c))) { |
| return uri; |
| } |
| } catch (FileNotFoundException e) { |
| Log.w(TAG, "Trouble resolving " + uri + "; falling back to search: " + e); |
| } |
| |
| // Otherwise fallback to searching |
| final Uri baseUri = ContentUris.removeId(uri); |
| try (Cursor c = queryForSingleItem(baseUri, |
| new String[] { BaseColumns._ID }, |
| MediaColumns.DOCUMENT_ID + "=?", new String[] { documentId }, null)) { |
| return ContentUris.withAppendedId(baseUri, c.getLong(0)); |
| } catch (FileNotFoundException e) { |
| Log.w(TAG, "Failed to resolve " + uri + ": " + e); |
| return null; |
| } |
| } |
| } |
| |
| return uri; |
| } |
| |
| private Uri safeUncanonicalize(Uri uri) { |
| Uri newUri = uncanonicalize(uri); |
| if (newUri != null) { |
| return newUri; |
| } |
| return uri; |
| } |
| |
| /** |
| * @return where clause to exclude database rows where |
| * <ul> |
| * <li> {@code column} is set or |
| * <li> {@code column} is {@link MediaColumns#IS_PENDING} and is set by FUSE and not owned by |
| * calling package. |
| * <li> {@code column} is {@link MediaColumns#IS_PENDING}, is unset and is waiting for |
| * metadata update from a deferred scan. |
| * </ul> |
| */ |
| private String getWhereClauseForMatchExclude(@NonNull String column) { |
| if (column.equalsIgnoreCase(MediaColumns.IS_PENDING)) { |
| // Don't include rows that are pending for metadata |
| final String pendingForMetadata = FileColumns._MODIFIER + "=" |
| + FileColumns._MODIFIER_CR_PENDING_METADATA; |
| final String notPending = String.format("(%s=0 AND NOT %s)", column, |
| pendingForMetadata); |
| final String matchSharedPackagesClause = FileColumns.OWNER_PACKAGE_NAME + " IN " |
| + getSharedPackages(); |
| // Include owned pending files from Fuse |
| final String pendingFromFuse = String.format("(%s=1 AND %s AND %s)", column, |
| MATCH_PENDING_FROM_FUSE, matchSharedPackagesClause); |
| return "(" + notPending + " OR " + pendingFromFuse + ")"; |
| } |
| return column + "=0"; |
| } |
| |
| /** |
| * @return where clause to include database rows where |
| * <ul> |
| * <li> {@code column} is not set or |
| * <li> {@code column} is set and calling package has write permission to corresponding db row |
| * or {@code column} is {@link MediaColumns#IS_PENDING} and is set by FUSE. |
| * </ul> |
| * The method is used to match db rows corresponding to writable pending and trashed files. |
| */ |
| @Nullable |
| private String getWhereClauseForMatchableVisibleFromFilePath(@NonNull Uri uri, |
| @NonNull String column) { |
| if (isCallingPackageLegacyWrite() || checkCallingPermissionGlobal(uri, /*forWrite*/ true)) { |
| // No special filtering needed |
| return null; |
| } |
| |
| final String callingPackage = getCallingPackageOrSelf(); |
| |
| final ArrayList<String> options = new ArrayList<>(); |
| switch(matchUri(uri, isCallingPackageAllowedHidden())) { |
| case IMAGES_MEDIA_ID: |
| case IMAGES_MEDIA: |
| case IMAGES_THUMBNAILS_ID: |
| case IMAGES_THUMBNAILS: |
| if (checkCallingPermissionImages(/*forWrite*/ true, callingPackage)) { |
| // No special filtering needed |
| return null; |
| } |
| break; |
| case AUDIO_MEDIA_ID: |
| case AUDIO_MEDIA: |
| case AUDIO_PLAYLISTS_ID: |
| case AUDIO_PLAYLISTS: |
| if (checkCallingPermissionAudio(/*forWrite*/ true, callingPackage)) { |
| // No special filtering needed |
| return null; |
| } |
| break; |
| case VIDEO_MEDIA_ID: |
| case VIDEO_MEDIA: |
| case VIDEO_THUMBNAILS_ID: |
| case VIDEO_THUMBNAILS: |
| if (checkCallingPermissionVideo(/*firWrite*/ true, callingPackage)) { |
| // No special filtering needed |
| return null; |
| } |
| break; |
| case DOWNLOADS_ID: |
| case DOWNLOADS: |
| // No app has special permissions for downloads. |
| break; |
| case FILES_ID: |
| case FILES: |
| if (checkCallingPermissionAudio(/*forWrite*/ true, callingPackage)) { |
| // Allow apps with audio permission to include audio* media types. |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_AUDIO)); |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_PLAYLIST)); |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_SUBTITLE)); |
| } |
| if (checkCallingPermissionVideo(/*forWrite*/ true, callingPackage)) { |
| // Allow apps with video permission to include video* media types. |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_VIDEO)); |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_SUBTITLE)); |
| } |
| if (checkCallingPermissionImages(/*forWrite*/ true, callingPackage)) { |
| // Allow apps with images permission to include images* media types. |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_IMAGE)); |
| } |
| break; |
| default: |
| // is_pending, is_trashed are not applicable for rest of the media tables. |
| return null; |
| } |
| |
| final String matchSharedPackagesClause = FileColumns.OWNER_PACKAGE_NAME + " IN " |
| + getSharedPackages(); |
| options.add(DatabaseUtils.bindSelection(matchSharedPackagesClause)); |
| |
| if (column.equalsIgnoreCase(MediaColumns.IS_PENDING)) { |
| // Include all pending files from Fuse |
| options.add(MATCH_PENDING_FROM_FUSE); |
| } |
| |
| final String matchWritableRowsClause = String.format("%s=0 OR (%s=1 AND %s)", column, |
| column, TextUtils.join(" OR ", options)); |
| return matchWritableRowsClause; |
| } |
| |
| /** |
| * Gets list of files in {@code path} from media provider database. |
| * |
| * @param path path of the directory. |
| * @param uid UID of the calling process. |
| * @return a list of file names in the given directory path. |
| * An empty list is returned if no files are visible to the calling app or the given directory |
| * does not have any files. |
| * A list with ["/"] is returned if the path is not indexed by MediaProvider database or |
| * calling package is a legacy app and has appropriate storage permissions for the given path. |
| * In both scenarios file names should be obtained from lower file system. |
| * A list with empty string[""] is returned if the calling package doesn't have access to the |
| * given path. |
| * |
| * <p>Directory names are always obtained from lower file system. |
| * |
| * Called from JNI in jni/MediaProviderWrapper.cpp |
| */ |
| @Keep |
| public String[] getFilesInDirectoryForFuse(String path, int uid) { |
| final LocalCallingIdentity token = |
| clearLocalCallingIdentity(getCachedCallingIdentityForFuse(uid)); |
| PulledMetrics.logFileAccessViaFuse(getCallingUidOrSelf(), path); |
| |
| try { |
| if (isPrivatePackagePathNotAccessibleByCaller(path)) { |
| return new String[] {""}; |
| } |
| |
| if (shouldBypassFuseRestrictions(/*forWrite*/ false, path)) { |
| return new String[] {"/"}; |
| } |
| |
| // Do not allow apps to list Android/data or Android/obb dirs. |
| // On primary volumes, apps that get special access to these directories get it via |
| // mount views of lowerfs. On secondary volumes, such apps would return early from |
| // shouldBypassFuseRestrictions above. |
| if (isDataOrObbPath(path)) { |
| return new String[] {""}; |
| } |
| |
| // Legacy apps that made is this far don't have the right storage permission and hence |
| // are not allowed to access anything other than their external app directory |
| if (isCallingPackageRequestingLegacy()) { |
| return new String[] {""}; |
| } |
| |
| // Get relative path for the contents of given directory. |
| String relativePath = extractRelativePathWithDisplayName(path); |
| |
| if (relativePath == null) { |
| // Path is /storage/emulated/, if relativePath is null, MediaProvider doesn't |
| // have any details about the given directory. Use lower file system to obtain |
| // files and directories in the given directory. |
| return new String[] {"/"}; |
| } |
| |
| // For all other paths, get file names from media provider database. |
| // Return media and non-media files visible to the calling package. |
| ArrayList<String> fileNamesList = new ArrayList<>(); |
| |
| // Only FileColumns.DATA contains actual name of the file. |
| String[] projection = {MediaColumns.DATA}; |
| |
| Bundle queryArgs = new Bundle(); |
| queryArgs.putString(QUERY_ARG_SQL_SELECTION, MediaColumns.RELATIVE_PATH + |
| " =? and mime_type not like 'null'"); |
| queryArgs.putStringArray(QUERY_ARG_SQL_SELECTION_ARGS, new String[] {relativePath}); |
| // Get database entries for files from MediaProvider database with |
| // MediaColumns.RELATIVE_PATH as the given path. |
| try (final Cursor cursor = query(FileUtils.getContentUriForPath(path), projection, |
| queryArgs, null)) { |
| while(cursor.moveToNext()) { |
| fileNamesList.add(extractDisplayName(cursor.getString(0))); |
| } |
| } |
| return fileNamesList.toArray(new String[fileNamesList.size()]); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| |
| /** |
| * Scan files during directory renames for the following reasons: |
| * <ul> |
| * <li>Because we don't update db rows for directories, we scan the oldPath to discard stale |
| * directory db rows. This prevents conflicts during subsequent db operations with oldPath. |
| * <li>We need to scan newPath as well, because the new directory may have become hidden |
| * or unhidden, in which case we need to update the media types of the contained files |
| * </ul> |
| */ |
| private void scanRenamedDirectoryForFuse(@NonNull String oldPath, @NonNull String newPath) { |
| scanFileAsMediaProvider(new File(oldPath), REASON_DEMAND); |
| scanFileAsMediaProvider(new File(newPath), REASON_DEMAND); |
| } |
| |
| /** |
| * Checks if given {@code mimeType} is supported in {@code path}. |
| */ |
| private boolean isMimeTypeSupportedInPath(String path, String mimeType) { |
| final String supportedPrimaryMimeType; |
| final int match = matchUri(getContentUriForFile(path, mimeType), true); |
| switch (match) { |
| case AUDIO_MEDIA: |
| supportedPrimaryMimeType = "audio"; |
| break; |
| case VIDEO_MEDIA: |
| supportedPrimaryMimeType = "video"; |
| break; |
| case IMAGES_MEDIA: |
| supportedPrimaryMimeType = "image"; |
| break; |
| default: |
| supportedPrimaryMimeType = ClipDescription.MIMETYPE_UNKNOWN; |
| } |
| return (supportedPrimaryMimeType.equalsIgnoreCase(ClipDescription.MIMETYPE_UNKNOWN) || |
| StringUtils.startsWithIgnoreCase(mimeType, supportedPrimaryMimeType)); |
| } |
| |
| /** |
| * Removes owner package for the renamed path if the calling package doesn't own the db row |
| * |
| * When oldPath is renamed to newPath, if newPath exists in the database, and caller is not the |
| * owner of the file, owner package is set to 'null'. This prevents previous owner of newPath |
| * from accessing renamed file. |
| * @return {@code true} if |
| * <ul> |
| * <li> there is no corresponding database row for given {@code path} |
| * <li> shared calling package is the owner of the database row |
| * <li> owner package name is already set to 'null' |
| * <li> updating owner package name to 'null' was successful. |
| * </ul> |
| * Returns {@code false} otherwise. |
| */ |
| private boolean maybeRemoveOwnerPackageForFuseRename(@NonNull DatabaseHelper helper, |
| @NonNull String path) { |
| |
| final Uri uri = FileUtils.getContentUriForPath(path); |
| final int match = matchUri(uri, isCallingPackageAllowedHidden()); |
| final String ownerPackageName; |
| final String selection = MediaColumns.DATA + " =? AND " |
| + MediaColumns.OWNER_PACKAGE_NAME + " != 'null'"; |
| final String[] selectionArgs = new String[] {path}; |
| |
| final SQLiteQueryBuilder qbForQuery = |
| getQueryBuilder(TYPE_QUERY, match, uri, Bundle.EMPTY, null); |
| try (Cursor c = qbForQuery.query(helper, new String[] {FileColumns.OWNER_PACKAGE_NAME}, |
| selection, selectionArgs, null, null, null, null, null)) { |
| if (!c.moveToFirst()) { |
| // We don't need to remove owner_package from db row if path doesn't exist in |
| // database or owner_package is already set to 'null' |
| return true; |
| } |
| ownerPackageName = c.getString(0); |
| if (isCallingIdentitySharedPackageName(ownerPackageName)) { |
| // We don't need to remove owner_package from db row if calling package is the owner |
| // of the database row |
| return true; |
| } |
| } |
| |
| final SQLiteQueryBuilder qbForUpdate = |
| getQueryBuilder(TYPE_UPDATE, match, uri, Bundle.EMPTY, null); |
| ContentValues values = new ContentValues(); |
| values.put(FileColumns.OWNER_PACKAGE_NAME, "null"); |
| return qbForUpdate.update(helper, values, selection, selectionArgs) == 1; |
| } |
| |
| private boolean updateDatabaseForFuseRename(@NonNull DatabaseHelper helper, |
| @NonNull String oldPath, @NonNull String newPath, @NonNull ContentValues values) { |
| return updateDatabaseForFuseRename(helper, oldPath, newPath, values, Bundle.EMPTY); |
| } |
| |
| private boolean updateDatabaseForFuseRename(@NonNull DatabaseHelper helper, |
| @NonNull String oldPath, @NonNull String newPath, @NonNull ContentValues values, |
| @NonNull Bundle qbExtras) { |
| return updateDatabaseForFuseRename(helper, oldPath, newPath, values, qbExtras, |
| FileUtils.getContentUriForPath(oldPath)); |
| } |
| |
| /** |
| * Updates database entry for given {@code path} with {@code values} |
| */ |
| private boolean updateDatabaseForFuseRename(@NonNull DatabaseHelper helper, |
| @NonNull String oldPath, @NonNull String newPath, @NonNull ContentValues values, |
| @NonNull Bundle qbExtras, Uri uriOldPath) { |
| boolean allowHidden = isCallingPackageAllowedHidden(); |
| final SQLiteQueryBuilder qbForUpdate = getQueryBuilder(TYPE_UPDATE, |
| matchUri(uriOldPath, allowHidden), uriOldPath, qbExtras, null); |
| if (values.containsKey(FileColumns._MODIFIER)) { |
| qbForUpdate.allowColumn(FileColumns._MODIFIER); |
| } |
| final String selection = MediaColumns.DATA + " =? "; |
| int count = 0; |
| boolean retryUpdateWithReplace = false; |
| |
| try { |
| // TODO(b/146777893): System gallery apps can rename a media directory containing |
| // non-media files. This update doesn't support updating non-media files that are not |
| // owned by system gallery app. |
| count = qbForUpdate.update(helper, values, selection, new String[]{oldPath}); |
| } catch (SQLiteConstraintException e) { |
| Log.w(TAG, "Database update failed while renaming " + oldPath, e); |
| retryUpdateWithReplace = true; |
| } |
| |
| if (retryUpdateWithReplace) { |
| if (deleteForFuseRename(helper, oldPath, newPath, qbExtras, selection, allowHidden)) { |
| Log.i(TAG, "Retrying database update after deleting conflicting entry"); |
| count = qbForUpdate.update(helper, values, selection, new String[]{oldPath}); |
| } else { |
| return false; |
| } |
| } |
| return count == 1; |
| } |
| |
| private boolean deleteForFuseRename(DatabaseHelper helper, String oldPath, |
| String newPath, Bundle qbExtras, String selection, boolean allowHidden) { |
| // We are replacing file in newPath with file in oldPath. If calling package has |
| // write permission for newPath, delete existing database entry and retry update. |
| final Uri uriNewPath = FileUtils.getContentUriForPath(oldPath); |
| final SQLiteQueryBuilder qbForDelete = getQueryBuilder(TYPE_DELETE, |
| matchUri(uriNewPath, allowHidden), uriNewPath, qbExtras, null); |
| if (qbForDelete.delete(helper, selection, new String[] {newPath}) == 1) { |
| return true; |
| } |
| // Check if delete can be done using other URI grants |
| final String[] projection = new String[] { |
| FileColumns.MEDIA_TYPE, |
| FileColumns.DATA, |
| FileColumns._ID, |
| FileColumns.IS_DOWNLOAD, |
| FileColumns.MIME_TYPE, |
| }; |
| return |
| deleteWithOtherUriGrants( |
| FileUtils.getContentUriForPath(newPath), |
| helper, projection, selection, new String[] {newPath}, qbExtras) == 1; |
| } |
| |
| /** |
| * Gets {@link ContentValues} for updating database entry to {@code path}. |
| */ |
| private ContentValues getContentValuesForFuseRename(String path, String newMimeType, |
| boolean wasHidden, boolean isHidden, boolean isSameMimeType) { |
| ContentValues values = new ContentValues(); |
| values.put(MediaColumns.MIME_TYPE, newMimeType); |
| values.put(MediaColumns.DATA, path); |
| |
| if (isHidden) { |
| values.put(FileColumns.MEDIA_TYPE, FileColumns.MEDIA_TYPE_NONE); |
| } else { |
| int mediaType = MimeUtils.resolveMediaType(newMimeType); |
| values.put(FileColumns.MEDIA_TYPE, mediaType); |
| } |
| |
| if ((!isHidden && wasHidden) || !isSameMimeType) { |
| // Set the modifier as MODIFIER_FUSE so that apps can scan the file to update the |
| // metadata. Otherwise, scan will skip scanning this file because rename() doesn't |
| // change lastModifiedTime and scan assumes there is no change in the file. |
| values.put(FileColumns._MODIFIER, FileColumns._MODIFIER_FUSE); |
| } |
| |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| if (!newMimeType.equalsIgnoreCase("null") && |
| matchUri(getContentUriForFile(path, newMimeType), allowHidden) == AUDIO_MEDIA) { |
| computeAudioLocalizedValues(values); |
| computeAudioKeyValues(values); |
| } |
| FileUtils.computeValuesFromData(values, isFuseThread()); |
| return values; |
| } |
| |
| private ArrayList<String> getIncludedDefaultDirectories() { |
| final ArrayList<String> includedDefaultDirs = new ArrayList<>(); |
| if (checkCallingPermissionVideo(/*forWrite*/ true, null)) { |
| includedDefaultDirs.add(Environment.DIRECTORY_DCIM); |
| includedDefaultDirs.add(Environment.DIRECTORY_PICTURES); |
| includedDefaultDirs.add(Environment.DIRECTORY_MOVIES); |
| } else if (checkCallingPermissionImages(/*forWrite*/ true, null)) { |
| includedDefaultDirs.add(Environment.DIRECTORY_DCIM); |
| includedDefaultDirs.add(Environment.DIRECTORY_PICTURES); |
| } |
| return includedDefaultDirs; |
| } |
| |
| /** |
| * Gets all files in the given {@code path} and subdirectories of the given {@code path}. |
| */ |
| private ArrayList<String> getAllFilesForRenameDirectory(String oldPath) { |
| final String selection = FileColumns.DATA + " LIKE ? ESCAPE '\\'" |
| + " and mime_type not like 'null'"; |
| final String[] selectionArgs = new String[] {DatabaseUtils.escapeForLike(oldPath) + "/%"}; |
| ArrayList<String> fileList = new ArrayList<>(); |
| |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try (final Cursor c = query(FileUtils.getContentUriForPath(oldPath), |
| new String[] {MediaColumns.DATA}, selection, selectionArgs, null)) { |
| while (c.moveToNext()) { |
| String filePath = c.getString(0); |
| filePath = filePath.replaceFirst(Pattern.quote(oldPath + "/"), ""); |
| fileList.add(filePath); |
| } |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| return fileList; |
| } |
| |
| /** |
| * Gets files in the given {@code path} and subdirectories of the given {@code path} for which |
| * calling package has write permissions. |
| * |
| * This method throws {@code IllegalArgumentException} if the directory has one or more |
| * files for which calling package doesn't have write permission or if file type is not |
| * supported in {@code newPath} |
| */ |
| private ArrayList<String> getWritableFilesForRenameDirectory(String oldPath, String newPath) |
| throws IllegalArgumentException { |
| // Try a simple check to see if the caller has full access to the given collections first |
| // before falling back to performing a query to probe for access. |
| final String oldRelativePath = extractRelativePathWithDisplayName(oldPath); |
| final String newRelativePath = extractRelativePathWithDisplayName(newPath); |
| boolean hasFullAccessToOldPath = false; |
| boolean hasFullAccessToNewPath = false; |
| for (String defaultDir : getIncludedDefaultDirectories()) { |
| if (oldRelativePath.startsWith(defaultDir)) hasFullAccessToOldPath = true; |
| if (newRelativePath.startsWith(defaultDir)) hasFullAccessToNewPath = true; |
| } |
| if (hasFullAccessToNewPath && hasFullAccessToOldPath) { |
| return getAllFilesForRenameDirectory(oldPath); |
| } |
| |
| final int countAllFilesInDirectory; |
| final String selection = FileColumns.DATA + " LIKE ? ESCAPE '\\'" |
| + " and mime_type not like 'null'"; |
| final String[] selectionArgs = new String[] {DatabaseUtils.escapeForLike(oldPath) + "/%"}; |
| |
| final Uri uriOldPath = FileUtils.getContentUriForPath(oldPath); |
| |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try (final Cursor c = query(uriOldPath, new String[] {MediaColumns._ID}, selection, |
| selectionArgs, null)) { |
| // get actual number of files in the given directory. |
| countAllFilesInDirectory = c.getCount(); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| |
| final SQLiteQueryBuilder qb = getQueryBuilder(TYPE_UPDATE, |
| matchUri(uriOldPath, isCallingPackageAllowedHidden()), uriOldPath, Bundle.EMPTY, |
| null); |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(uriOldPath); |
| } catch (VolumeNotFoundException e) { |
| throw new IllegalStateException("Volume not found while querying files for renaming " |
| + oldPath); |
| } |
| |
| ArrayList<String> fileList = new ArrayList<>(); |
| final String[] projection = {MediaColumns.DATA, MediaColumns.MIME_TYPE}; |
| try (Cursor c = qb.query(helper, projection, selection, selectionArgs, null, null, null, |
| null, null)) { |
| // Check if the calling package has write permission to all files in the given |
| // directory. If calling package has write permission to all files in the directory, the |
| // query with update uri should return same number of files as previous query. |
| if (c.getCount() != countAllFilesInDirectory) { |
| throw new IllegalArgumentException("Calling package doesn't have write permission " |
| + " to rename one or more files in " + oldPath); |
| } |
| while(c.moveToNext()) { |
| String filePath = c.getString(0); |
| filePath = filePath.replaceFirst(Pattern.quote(oldPath + "/"), ""); |
| |
| final String mimeType = c.getString(1); |
| if (!isMimeTypeSupportedInPath(newPath + "/" + filePath, mimeType)) { |
| throw new IllegalArgumentException("Can't rename " + oldPath + "/" + filePath |
| + ". Mime type " + mimeType + " not supported in " + newPath); |
| } |
| fileList.add(filePath); |
| } |
| } |
| return fileList; |
| } |
| |
| private int renameInLowerFs(String oldPath, String newPath) { |
| try { |
| Os.rename(oldPath, newPath); |
| return 0; |
| } catch (ErrnoException e) { |
| final String errorMessage = "Rename " + oldPath + " to " + newPath + " failed."; |
| Log.e(TAG, errorMessage, e); |
| return e.errno; |
| } |
| } |
| |
| /** |
| * Rename directory from {@code oldPath} to {@code newPath}. |
| * |
| * Renaming a directory is only allowed if calling package has write permission to all files in |
| * the given directory tree and all file types in the given directory tree are supported by the |
| * top level directory of new path. Renaming a directory is split into three steps: |
| * 1. Check calling package's permissions for all files in the given directory tree. Also check |
| * file type support for all files in the {@code newPath}. |
| * 2. Try updating database for all files in the directory. |
| * 3. Rename the directory in lower file system. If rename in the lower file system is |
| * successful, commit database update. |
| * |
| * @param oldPath path of the directory to be renamed. |
| * @param newPath new path of directory to be renamed. |
| * @return 0 on successful rename, appropriate negated errno value if the rename is not allowed. |
| * <ul> |
| * <li>{@link OsConstants#EPERM} Renaming a directory with file types not supported by |
| * {@code newPath} or renaming a directory with files for which calling package doesn't have |
| * write permission. |
| * This method can also return errno returned from {@code Os.rename} function. |
| */ |
| private int renameDirectoryCheckedForFuse(String oldPath, String newPath) { |
| final ArrayList<String> fileList; |
| try { |
| fileList = getWritableFilesForRenameDirectory(oldPath, newPath); |
| } catch (IllegalArgumentException e) { |
| final String errorMessage = "Rename " + oldPath + " to " + newPath + " failed. "; |
| Log.e(TAG, errorMessage, e); |
| return OsConstants.EPERM; |
| } |
| |
| return renameDirectoryUncheckedForFuse(oldPath, newPath, fileList); |
| } |
| |
| private int renameDirectoryUncheckedForFuse(String oldPath, String newPath, |
| ArrayList<String> fileList) { |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(FileUtils.getContentUriForPath(oldPath)); |
| } catch (VolumeNotFoundException e) { |
| throw new IllegalStateException("Volume not found while trying to update database for " |
| + oldPath, e); |
| } |
| |
| helper.beginTransaction(); |
| try { |
| final Bundle qbExtras = new Bundle(); |
| qbExtras.putStringArrayList(INCLUDED_DEFAULT_DIRECTORIES, |
| getIncludedDefaultDirectories()); |
| final boolean wasHidden = FileUtils.shouldDirBeHidden(new File(oldPath)); |
| final boolean isHidden = FileUtils.shouldDirBeHidden(new File(newPath)); |
| for (String filePath : fileList) { |
| final String newFilePath = newPath + "/" + filePath; |
| final String mimeType = MimeUtils.resolveMimeType(new File(newFilePath)); |
| if(!updateDatabaseForFuseRename(helper, oldPath + "/" + filePath, newFilePath, |
| getContentValuesForFuseRename(newFilePath, mimeType, wasHidden, isHidden, |
| /* isSameMimeType */ true), |
| qbExtras)) { |
| Log.e(TAG, "Calling package doesn't have write permission to rename file."); |
| return OsConstants.EPERM; |
| } |
| } |
| |
| // Rename the directory in lower file system. |
| int errno = renameInLowerFs(oldPath, newPath); |
| if (errno == 0) { |
| helper.setTransactionSuccessful(); |
| } else { |
| return errno; |
| } |
| } finally { |
| helper.endTransaction(); |
| } |
| // Directory movement might have made new/old path hidden. |
| scanRenamedDirectoryForFuse(oldPath, newPath); |
| return 0; |
| } |
| |
| /** |
| * Rename a file from {@code oldPath} to {@code newPath}. |
| * |
| * Renaming a file is split into three parts: |
| * 1. Check if {@code newPath} supports new file type. |
| * 2. Try updating database entry from {@code oldPath} to {@code newPath}. This update may fail |
| * if calling package doesn't have write permission for {@code oldPath} and {@code newPath}. |
| * 3. Rename the file in lower file system. If Rename in lower file system succeeds, commit |
| * database update. |
| * @param oldPath path of the file to be renamed. |
| * @param newPath new path of the file to be renamed. |
| * @return 0 on successful rename, appropriate negated errno value if the rename is not allowed. |
| * <ul> |
| * <li>{@link OsConstants#EPERM} Calling package doesn't have write permission for |
| * {@code oldPath} or {@code newPath}, or file type is not supported by {@code newPath}. |
| * This method can also return errno returned from {@code Os.rename} function. |
| */ |
| private int renameFileCheckedForFuse(String oldPath, String newPath) { |
| // Check if new mime type is supported in new path. |
| final String newMimeType = MimeUtils.resolveMimeType(new File(newPath)); |
| if (!isMimeTypeSupportedInPath(newPath, newMimeType)) { |
| return OsConstants.EPERM; |
| } |
| return renameFileForFuse(oldPath, newPath, /* bypassRestrictions */ false) ; |
| } |
| |
| private int renameFileUncheckedForFuse(String oldPath, String newPath) { |
| return renameFileForFuse(oldPath, newPath, /* bypassRestrictions */ true) ; |
| } |
| |
| private int renameFileForFuse(String oldPath, String newPath, boolean bypassRestrictions) { |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(FileUtils.getContentUriForPath(oldPath)); |
| } catch (VolumeNotFoundException e) { |
| throw new IllegalStateException("Failed to update database row with " + oldPath, e); |
| } |
| |
| final boolean wasHidden = FileUtils.shouldFileBeHidden(new File(oldPath)); |
| final boolean isHidden = FileUtils.shouldFileBeHidden(new File(newPath)); |
| helper.beginTransaction(); |
| try { |
| final String newMimeType = MimeUtils.resolveMimeType(new File(newPath)); |
| final String oldMimeType = MimeUtils.resolveMimeType(new File(oldPath)); |
| final boolean isSameMimeType = newMimeType.equalsIgnoreCase(oldMimeType); |
| ContentValues contentValues = getContentValuesForFuseRename(newPath, newMimeType, |
| wasHidden, isHidden, isSameMimeType); |
| if (!updateDatabaseForFuseRename(helper, oldPath, newPath, contentValues)) { |
| if (!bypassRestrictions) { |
| // Check for other URI format grants for oldPath only. Check right before |
| // returning EPERM, to leave positive case performance unaffected. |
| if (!renameWithOtherUriGrants(helper, oldPath, newPath, contentValues)) { |
| Log.e(TAG, "Calling package doesn't have write permission to rename file."); |
| return OsConstants.EPERM; |
| } |
| } else if (!maybeRemoveOwnerPackageForFuseRename(helper, newPath)) { |
| Log.wtf(TAG, "Couldn't clear owner package name for " + newPath); |
| return OsConstants.EPERM; |
| } |
| } |
| |
| // Try renaming oldPath to newPath in lower file system. |
| int errno = renameInLowerFs(oldPath, newPath); |
| if (errno == 0) { |
| helper.setTransactionSuccessful(); |
| } else { |
| return errno; |
| } |
| } finally { |
| helper.endTransaction(); |
| } |
| // The above code should have taken are of the mime/media type of the new file, |
| // even if it was moved to/from a hidden directory. |
| // This leaves cases where the source/dest of the move is a .nomedia file itself. Eg: |
| // 1) /sdcard/foo/.nomedia => /sdcard/foo/bar.mp3 |
| // in this case, the code above has given bar.mp3 the correct mime type, but we should |
| // still can /sdcard/foo, because it's now no longer hidden |
| // 2) /sdcard/foo/.nomedia => /sdcard/bar/.nomedia |
| // in this case, we need to scan both /sdcard/foo and /sdcard/bar/ |
| // 3) /sdcard/foo/bar.mp3 => /sdcard/foo/.nomedia |
| // in this case, we need to scan all of /sdcard/foo |
| if (extractDisplayName(oldPath).equals(".nomedia")) { |
| scanFileAsMediaProvider(new File(oldPath).getParentFile(), REASON_DEMAND); |
| } |
| if (extractDisplayName(newPath).equals(".nomedia")) { |
| scanFileAsMediaProvider(new File(newPath).getParentFile(), REASON_DEMAND); |
| } |
| |
| return 0; |
| } |
| |
| /** |
| * Rename file by checking for other URI grants on oldPath |
| * |
| * We don't support replace scenario by checking for other URI grants on newPath (if it exists). |
| */ |
| private boolean renameWithOtherUriGrants(DatabaseHelper helper, String oldPath, String newPath, |
| ContentValues contentValues) { |
| final Uri oldPathGrantedUri = getOtherUriGrantsForPath(oldPath, /* forWrite */ true); |
| if (oldPathGrantedUri == null) { |
| return false; |
| } |
| return updateDatabaseForFuseRename(helper, oldPath, newPath, contentValues, Bundle.EMPTY, |
| oldPathGrantedUri); |
| } |
| |
| /** |
| * Rename file/directory without imposing any restrictions. |
| * |
| * We don't impose any rename restrictions for apps that bypass scoped storage restrictions. |
| * However, we update database entries for renamed files to keep the database consistent. |
| */ |
| private int renameUncheckedForFuse(String oldPath, String newPath) { |
| if (new File(oldPath).isFile()) { |
| return renameFileUncheckedForFuse(oldPath, newPath); |
| } else { |
| return renameDirectoryUncheckedForFuse(oldPath, newPath, |
| getAllFilesForRenameDirectory(oldPath)); |
| } |
| } |
| |
| /** |
| * Rename file or directory from {@code oldPath} to {@code newPath}. |
| * |
| * @param oldPath path of the file or directory to be renamed. |
| * @param newPath new path of the file or directory to be renamed. |
| * @param uid UID of the calling package. |
| * @return 0 on successful rename, appropriate errno value if the rename is not allowed. |
| * <ul> |
| * <li>{@link OsConstants#ENOENT} Renaming a non-existing file or renaming a file from path that |
| * is not indexed by MediaProvider database. |
| * <li>{@link OsConstants#EPERM} Renaming a default directory or renaming a file to a file type |
| * not supported by new path. |
| * This method can also return errno returned from {@code Os.rename} function. |
| * |
| * Called from JNI in jni/MediaProviderWrapper.cpp |
| */ |
| @Keep |
| public int renameForFuse(String oldPath, String newPath, int uid) { |
| final String errorMessage = "Rename " + oldPath + " to " + newPath + " failed. "; |
| final LocalCallingIdentity token = |
| clearLocalCallingIdentity(getCachedCallingIdentityForFuse(uid)); |
| PulledMetrics.logFileAccessViaFuse(getCallingUidOrSelf(), oldPath); |
| |
| try { |
| if (isPrivatePackagePathNotAccessibleByCaller(oldPath) |
| || isPrivatePackagePathNotAccessibleByCaller(newPath)) { |
| return OsConstants.EACCES; |
| } |
| |
| if (!newPath.equals(getAbsoluteSanitizedPath(newPath))) { |
| Log.e(TAG, "New path name contains invalid characters."); |
| return OsConstants.EPERM; |
| } |
| |
| if (shouldBypassDatabaseAndSetDirtyForFuse(uid, oldPath) |
| && shouldBypassDatabaseAndSetDirtyForFuse(uid, newPath)) { |
| return renameInLowerFs(oldPath, newPath); |
| } |
| |
| if (shouldBypassFuseRestrictions(/*forWrite*/ true, oldPath) |
| && shouldBypassFuseRestrictions(/*forWrite*/ true, newPath)) { |
| return renameUncheckedForFuse(oldPath, newPath); |
| } |
| // Legacy apps that made is this far don't have the right storage permission and hence |
| // are not allowed to access anything other than their external app directory |
| if (isCallingPackageRequestingLegacy()) { |
| return OsConstants.EACCES; |
| } |
| |
| final String[] oldRelativePath = sanitizePath(extractRelativePath(oldPath)); |
| final String[] newRelativePath = sanitizePath(extractRelativePath(newPath)); |
| if (oldRelativePath.length == 0 || newRelativePath.length == 0) { |
| // Rename not allowed on paths that can't be translated to RELATIVE_PATH. |
| Log.e(TAG, errorMessage + "Invalid path."); |
| return OsConstants.EPERM; |
| } |
| if (oldRelativePath.length == 1 && TextUtils.isEmpty(oldRelativePath[0])) { |
| // Allow rename of files/folders other than default directories. |
| final String displayName = extractDisplayName(oldPath); |
| for (String defaultFolder : DEFAULT_FOLDER_NAMES) { |
| if (displayName.equals(defaultFolder)) { |
| Log.e(TAG, errorMessage + oldPath + " is a default folder." |
| + " Renaming a default folder is not allowed."); |
| return OsConstants.EPERM; |
| } |
| } |
| } |
| if (newRelativePath.length == 1 && TextUtils.isEmpty(newRelativePath[0])) { |
| Log.e(TAG, errorMessage + newPath + " is in root folder." |
| + " Renaming a file/directory to root folder is not allowed"); |
| return OsConstants.EPERM; |
| } |
| |
| // TODO(b/177049768): We shouldn't use getExternalStorageDirectory for these checks. |
| final File directoryAndroid = new File(Environment.getExternalStorageDirectory(), |
| DIRECTORY_ANDROID_LOWER_CASE); |
| final File directoryAndroidMedia = new File(directoryAndroid, DIRECTORY_MEDIA); |
| if (directoryAndroidMedia.getAbsolutePath().equalsIgnoreCase(oldPath)) { |
| // Don't allow renaming 'Android/media' directory. |
| // Android/[data|obb] are bind mounted and these paths don't go through FUSE. |
| Log.e(TAG, errorMessage + oldPath + " is a default folder in app external " |
| + "directory. Renaming a default folder is not allowed."); |
| return OsConstants.EPERM; |
| } else if (FileUtils.contains(directoryAndroid, new File(newPath))) { |
| if (newRelativePath.length == 1) { |
| // New path is Android/*. Path is directly under Android. Don't allow moving |
| // files and directories to Android/. |
| Log.e(TAG, errorMessage + newPath + " is in app external directory. " |
| + "Renaming a file/directory to app external directory is not " |
| + "allowed."); |
| return OsConstants.EPERM; |
| } else if(!FileUtils.contains(directoryAndroidMedia, new File(newPath))) { |
| // New path is Android/*/*. Don't allow moving of files or directories |
| // to app external directory other than media directory. |
| Log.e(TAG, errorMessage + newPath + " is not in external media directory." |
| + "File/directory can only be renamed to a path in external media " |
| + "directory. Renaming file/directory to path in other external " |
| + "directories is not allowed"); |
| return OsConstants.EPERM; |
| } |
| } |
| |
| // Continue renaming files/directories if rename of oldPath to newPath is allowed. |
| if (new File(oldPath).isFile()) { |
| return renameFileCheckedForFuse(oldPath, newPath); |
| } else { |
| return renameDirectoryCheckedForFuse(oldPath, newPath); |
| } |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| |
| @Override |
| public int checkUriPermission(@NonNull Uri uri, int uid, |
| /* @Intent.AccessUriMode */ int modeFlags) { |
| final LocalCallingIdentity token = clearLocalCallingIdentity( |
| LocalCallingIdentity.fromExternal(getContext(), mUserCache, uid)); |
| |
| if (isRedactedUri(uri)) { |
| if ((modeFlags & Intent.FLAG_GRANT_WRITE_URI_PERMISSION) != 0) { |
| // we don't allow write grants on redacted uris. |
| return PackageManager.PERMISSION_DENIED; |
| } |
| |
| uri = getUriForRedactedUri(uri); |
| } |
| |
| if (isPickerUri(uri)) { |
| // Do not allow implicit access (by the virtue of ownership/permission) to picker uris. |
| // Picker uris should have explicit permission grants. |
| // If the calling app A has an explicit grant on picker uri, UriGrantsManagerService |
| // will check the grant status and allow app A to grant the uri to app B (without |
| // calling into MediaProvider) |
| return PackageManager.PERMISSION_DENIED; |
| } |
| |
| try { |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final int table = matchUri(uri, allowHidden); |
| |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(uri); |
| } catch (VolumeNotFoundException e) { |
| return PackageManager.PERMISSION_DENIED; |
| } |
| |
| final int type; |
| if ((modeFlags & Intent.FLAG_GRANT_WRITE_URI_PERMISSION) != 0) { |
| type = TYPE_UPDATE; |
| } else { |
| type = TYPE_QUERY; |
| } |
| |
| final SQLiteQueryBuilder qb = getQueryBuilder(type, table, uri, Bundle.EMPTY, null); |
| try (Cursor c = qb.query(helper, |
| new String[] { BaseColumns._ID }, null, null, null, null, null, null, null)) { |
| if (c.getCount() == 1) { |
| c.moveToFirst(); |
| final long cursorId = c.getLong(0); |
| |
| long uriId = -1; |
| try { |
| uriId = ContentUris.parseId(uri); |
| } catch (NumberFormatException ignored) { |
| // if the id is not a number, the uri doesn't have a valid ID at the end of |
| // the uri, (i.e., uri is uri of the table not of the item/row) |
| } |
| |
| if (uriId != -1 && cursorId == uriId) { |
| return PackageManager.PERMISSION_GRANTED; |
| } |
| } |
| } |
| |
| // For the uri with id cases, if it isn't returned in above query section, the result |
| // isn't as expected. Don't grant the permission. |
| switch (table) { |
| case AUDIO_MEDIA_ID: |
| case IMAGES_MEDIA_ID: |
| case VIDEO_MEDIA_ID: |
| case DOWNLOADS_ID: |
| case FILES_ID: |
| case AUDIO_MEDIA_ID_GENRES_ID: |
| case AUDIO_GENRES_ID: |
| case AUDIO_PLAYLISTS_ID: |
| case AUDIO_PLAYLISTS_ID_MEMBERS_ID: |
| case AUDIO_ARTISTS_ID: |
| case AUDIO_ALBUMS_ID: |
| return PackageManager.PERMISSION_DENIED; |
| default: |
| // continue below |
| } |
| |
| // If the uri is a valid content uri and doesn't have a valid ID at the end of the uri, |
| // (i.e., uri is uri of the table not of the item/row), and app doesn't request prefix |
| // grant, we are willing to grant this uri permission since this doesn't grant them any |
| // extra access. This grant will only grant permissions on given uri, it will not grant |
| // access to db rows of the corresponding table. |
| if ((modeFlags & Intent.FLAG_GRANT_PREFIX_URI_PERMISSION) == 0) { |
| return PackageManager.PERMISSION_GRANTED; |
| } |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| return PackageManager.PERMISSION_DENIED; |
| } |
| |
| @Override |
| public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, |
| String sortOrder) { |
| return query(uri, projection, |
| DatabaseUtils.createSqlQueryBundle(selection, selectionArgs, sortOrder), null); |
| } |
| |
| @Override |
| public Cursor query(Uri uri, String[] projection, Bundle queryArgs, CancellationSignal signal) { |
| return query(uri, projection, queryArgs, signal, /* forSelf */ false); |
| } |
| |
| private Cursor query(Uri uri, String[] projection, Bundle queryArgs, |
| CancellationSignal signal, boolean forSelf) { |
| Trace.beginSection("query"); |
| try { |
| return queryInternal(uri, projection, queryArgs, signal, forSelf); |
| } catch (FallbackException e) { |
| return e.translateForQuery(getCallingPackageTargetSdkVersion()); |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| private Cursor queryInternal(Uri uri, String[] projection, Bundle queryArgs, |
| CancellationSignal signal, boolean forSelf) throws FallbackException { |
| if (isPickerUri(uri)) { |
| return mPickerUriResolver.query(uri, projection, mCallingIdentity.get().pid, |
| mCallingIdentity.get().uid); |
| } |
| |
| final String volumeName = getVolumeName(uri); |
| PulledMetrics.logVolumeAccessViaMediaProvider(getCallingUidOrSelf(), volumeName); |
| queryArgs = (queryArgs != null) ? queryArgs : new Bundle(); |
| |
| // INCLUDED_DEFAULT_DIRECTORIES extra should only be set inside MediaProvider. |
| queryArgs.remove(INCLUDED_DEFAULT_DIRECTORIES); |
| |
| final ArraySet<String> honoredArgs = new ArraySet<>(); |
| DatabaseUtils.resolveQueryArgs(queryArgs, honoredArgs::add, this::ensureCustomCollator); |
| |
| Uri redactedUri = null; |
| // REDACTED_URI_BUNDLE_KEY extra should only be set inside MediaProvider. |
| queryArgs.remove(QUERY_ARG_REDACTED_URI); |
| if (isRedactedUri(uri)) { |
| redactedUri = uri; |
| uri = getUriForRedactedUri(uri); |
| queryArgs.putParcelable(QUERY_ARG_REDACTED_URI, redactedUri); |
| } |
| |
| uri = safeUncanonicalize(uri); |
| |
| final int targetSdkVersion = getCallingPackageTargetSdkVersion(); |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final int table = matchUri(uri, allowHidden); |
| |
| //Log.v(TAG, "query: uri="+uri+", selection="+selection); |
| // handle MEDIA_SCANNER before calling getDatabaseForUri() |
| if (table == MEDIA_SCANNER) { |
| // create a cursor to return volume currently being scanned by the media scanner |
| MatrixCursor c = new MatrixCursor(new String[] {MediaStore.MEDIA_SCANNER_VOLUME}); |
| c.addRow(new String[] {mMediaScannerVolume}); |
| return c; |
| } |
| |
| // Used temporarily (until we have unique media IDs) to get an identifier |
| // for the current sd card, so that the music app doesn't have to use the |
| // non-public getFatVolumeId method |
| if (table == FS_ID) { |
| MatrixCursor c = new MatrixCursor(new String[] {"fsid"}); |
| c.addRow(new Integer[] {mVolumeId}); |
| return c; |
| } |
| |
| if (table == VERSION) { |
| MatrixCursor c = new MatrixCursor(new String[] {"version"}); |
| c.addRow(new Integer[] {DatabaseHelper.getDatabaseVersion(getContext())}); |
| return c; |
| } |
| |
| // TODO(b/195008831): Add test to verify that apps can't access |
| if (table == PICKER_INTERNAL_MEDIA) { |
| return mPickerDataLayer.fetchMedia(queryArgs); |
| } else if (table == PICKER_INTERNAL_ALBUMS) { |
| return mPickerDataLayer.fetchAlbums(queryArgs); |
| } |
| |
| final DatabaseHelper helper = getDatabaseForUri(uri); |
| final SQLiteQueryBuilder qb = getQueryBuilder(TYPE_QUERY, table, uri, queryArgs, |
| honoredArgs::add); |
| |
| if (targetSdkVersion < Build.VERSION_CODES.R) { |
| // Some apps are abusing "ORDER BY" clauses to inject "LIMIT" |
| // clauses; gracefully lift them out. |
| DatabaseUtils.recoverAbusiveSortOrder(queryArgs); |
| |
| // Some apps are abusing the Uri query parameters to inject LIMIT |
| // clauses; gracefully lift them out. |
| DatabaseUtils.recoverAbusiveLimit(uri, queryArgs); |
| } |
| |
| if (targetSdkVersion < Build.VERSION_CODES.Q) { |
| // Some apps are abusing the "WHERE" clause by injecting "GROUP BY" |
| // clauses; gracefully lift them out. |
| DatabaseUtils.recoverAbusiveSelection(queryArgs); |
| |
| // Some apps are abusing the first column to inject "DISTINCT"; |
| // gracefully lift them out. |
| if ((projection != null) && (projection.length > 0) |
| && projection[0].startsWith("DISTINCT ")) { |
| projection[0] = projection[0].substring("DISTINCT ".length()); |
| qb.setDistinct(true); |
| } |
| |
| // Some apps are generating thumbnails with getThumbnail(), but then |
| // ignoring the returned Bitmap and querying the raw table; give |
| // them a row with enough information to find the original image. |
| final String selection = queryArgs.getString(QUERY_ARG_SQL_SELECTION); |
| if ((table == IMAGES_THUMBNAILS || table == VIDEO_THUMBNAILS) |
| && !TextUtils.isEmpty(selection)) { |
| final Matcher matcher = PATTERN_SELECTION_ID.matcher(selection); |
| if (matcher.matches()) { |
| final long id = Long.parseLong(matcher.group(1)); |
| |
| final Uri fullUri; |
| if (table == IMAGES_THUMBNAILS) { |
| fullUri = ContentUris.withAppendedId( |
| Images.Media.getContentUri(volumeName), id); |
| } else if (table == VIDEO_THUMBNAILS) { |
| fullUri = ContentUris.withAppendedId( |
| Video.Media.getContentUri(volumeName), id); |
| } else { |
| throw new IllegalArgumentException(); |
| } |
| |
| final MatrixCursor cursor = new MatrixCursor(projection); |
| final File file = ContentResolver.encodeToFile( |
| fullUri.buildUpon().appendPath("thumbnail").build()); |
| final String data = file.getAbsolutePath(); |
| cursor.newRow().add(MediaColumns._ID, null) |
| .add(Images.Thumbnails.IMAGE_ID, id) |
| .add(Video.Thumbnails.VIDEO_ID, id) |
| .add(MediaColumns.DATA, data); |
| return cursor; |
| } |
| } |
| } |
| |
| // Update locale if necessary. |
| if (helper.isInternal() && !Locale.getDefault().equals(mLastLocale)) { |
| Log.i(TAG, "Updating locale within queryInternal"); |
| onLocaleChanged(false); |
| } |
| |
| final Cursor c = qb.query(helper, projection, queryArgs, signal); |
| if (c != null && !forSelf) { |
| // As a performance optimization, only configure notifications when |
| // resulting cursor will leave our process |
| final boolean callerIsRemote = mCallingIdentity.get().pid != android.os.Process.myPid(); |
| if (callerIsRemote && !isFuseThread()) { |
| c.setNotificationUri(getContext().getContentResolver(), uri); |
| } |
| |
| final Bundle extras = new Bundle(); |
| extras.putStringArray(ContentResolver.EXTRA_HONORED_ARGS, |
| honoredArgs.toArray(new String[honoredArgs.size()])); |
| c.setExtras(extras); |
| } |
| |
| // Query was on a redacted URI, update the sensitive information such as the _ID, DATA etc. |
| if (redactedUri != null && c != null) { |
| try { |
| return getRedactedUriCursor(redactedUri, c); |
| } finally { |
| c.close(); |
| } |
| } |
| |
| return c; |
| } |
| |
| private boolean isUriSupportedForRedaction(Uri uri) { |
| final int match = matchUri(uri, true); |
| return REDACTED_URI_SUPPORTED_TYPES.contains(match); |
| } |
| |
| private Cursor getRedactedUriCursor(Uri redactedUri, @NonNull Cursor c) { |
| final HashSet<String> columnNames = new HashSet<>(Arrays.asList(c.getColumnNames())); |
| final MatrixCursor redactedUriCursor = new MatrixCursor(c.getColumnNames()); |
| final String redactedUriId = redactedUri.getLastPathSegment(); |
| |
| if (!c.moveToFirst()) { |
| return redactedUriCursor; |
| } |
| |
| // NOTE: It is safe to assume that there will only be one entry corresponding to a |
| // redacted URI as it corresponds to a unique DB entry. |
| if (c.getCount() != 1) { |
| throw new AssertionError("Two rows corresponding to " + redactedUri.toString() |
| + " found, when only one expected"); |
| } |
| |
| final MatrixCursor.RowBuilder row = redactedUriCursor.newRow(); |
| for (String columnName : c.getColumnNames()) { |
| final int colIndex = c.getColumnIndex(columnName); |
| if (c.getType(colIndex) == FIELD_TYPE_BLOB) { |
| row.add(c.getBlob(colIndex)); |
| } else { |
| row.add(c.getString(colIndex)); |
| } |
| } |
| |
| String ext = getFileExtensionFromCursor(c, columnNames); |
| ext = ext == null ? "" : "." + ext; |
| final String displayName = redactedUriId + ext; |
| final String data = buildPrimaryVolumeFile(uidToUserId(Binder.getCallingUid()), |
| getRedactedRelativePath(), displayName).getAbsolutePath(); |
| |
| updateRow(columnNames, MediaColumns._ID, row, redactedUriId); |
| updateRow(columnNames, MediaColumns.DISPLAY_NAME, row, displayName); |
| updateRow(columnNames, MediaColumns.RELATIVE_PATH, row, getRedactedRelativePath()); |
| updateRow(columnNames, MediaColumns.BUCKET_DISPLAY_NAME, row, getRedactedRelativePath()); |
| updateRow(columnNames, MediaColumns.DATA, row, data); |
| updateRow(columnNames, MediaColumns.DOCUMENT_ID, row, null); |
| updateRow(columnNames, MediaColumns.INSTANCE_ID, row, null); |
| updateRow(columnNames, MediaColumns.BUCKET_ID, row, null); |
| |
| return redactedUriCursor; |
| } |
| |
| @Nullable |
| private static String getFileExtensionFromCursor(@NonNull Cursor c, |
| @NonNull HashSet<String> columnNames) { |
| if (columnNames.contains(MediaColumns.DATA)) { |
| return extractFileExtension(c.getString(c.getColumnIndex(MediaColumns.DATA))); |
| } |
| if (columnNames.contains(MediaColumns.DISPLAY_NAME)) { |
| return extractFileExtension(c.getString(c.getColumnIndex(MediaColumns.DISPLAY_NAME))); |
| } |
| return null; |
| } |
| |
| private void updateRow(HashSet<String> columnNames, String columnName, |
| MatrixCursor.RowBuilder row, Object val) { |
| if (columnNames.contains(columnName)) { |
| row.add(columnName, val); |
| } |
| } |
| |
| private Uri getUriForRedactedUri(Uri redactedUri) { |
| final Uri.Builder builder = redactedUri.buildUpon(); |
| builder.path(null); |
| final List<String> segments = redactedUri.getPathSegments(); |
| for (int i = 0; i < segments.size() - 1; i++) { |
| builder.appendPath(segments.get(i)); |
| } |
| |
| DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(redactedUri); |
| } catch (VolumeNotFoundException e) { |
| throw e.rethrowAsIllegalArgumentException(); |
| } |
| |
| try (final Cursor c = helper.runWithoutTransaction( |
| (db) -> db.query("files", new String[]{MediaColumns._ID}, |
| FileColumns.REDACTED_URI_ID + "=?", |
| new String[]{redactedUri.getLastPathSegment()}, null, null, null))) { |
| if (!c.moveToFirst()) { |
| throw new IllegalArgumentException( |
| "Uri: " + redactedUri.toString() + " not found."); |
| } |
| |
| builder.appendPath(c.getString(0)); |
| return builder.build(); |
| } |
| } |
| |
| private boolean isRedactedUri(Uri uri) { |
| String id = uri.getLastPathSegment(); |
| return id != null && id.startsWith(REDACTED_URI_ID_PREFIX) |
| && id.length() == REDACTED_URI_ID_SIZE; |
| } |
| |
| @Override |
| public String getType(Uri url) { |
| final int match = matchUri(url, true); |
| switch (match) { |
| case IMAGES_MEDIA_ID: |
| case AUDIO_MEDIA_ID: |
| case AUDIO_PLAYLISTS_ID: |
| case AUDIO_PLAYLISTS_ID_MEMBERS_ID: |
| case VIDEO_MEDIA_ID: |
| case DOWNLOADS_ID: |
| case FILES_ID: |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try (Cursor cursor = queryForSingleItem(url, |
| new String[] { MediaColumns.MIME_TYPE }, null, null, null)) { |
| return cursor.getString(0); |
| } catch (FileNotFoundException e) { |
| throw new IllegalArgumentException(e.getMessage()); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| |
| case IMAGES_MEDIA: |
| case IMAGES_THUMBNAILS: |
| return Images.Media.CONTENT_TYPE; |
| |
| case AUDIO_ALBUMART_ID: |
| case AUDIO_ALBUMART_FILE_ID: |
| case IMAGES_THUMBNAILS_ID: |
| case VIDEO_THUMBNAILS_ID: |
| return "image/jpeg"; |
| |
| case AUDIO_MEDIA: |
| case AUDIO_GENRES_ID_MEMBERS: |
| case AUDIO_PLAYLISTS_ID_MEMBERS: |
| return Audio.Media.CONTENT_TYPE; |
| |
| case AUDIO_GENRES: |
| case AUDIO_MEDIA_ID_GENRES: |
| return Audio.Genres.CONTENT_TYPE; |
| case AUDIO_GENRES_ID: |
| case AUDIO_MEDIA_ID_GENRES_ID: |
| return Audio.Genres.ENTRY_CONTENT_TYPE; |
| case AUDIO_PLAYLISTS: |
| return Audio.Playlists.CONTENT_TYPE; |
| |
| case VIDEO_MEDIA: |
| return Video.Media.CONTENT_TYPE; |
| case DOWNLOADS: |
| return Downloads.CONTENT_TYPE; |
| |
| case PICKER_ID: |
| return mPickerUriResolver.getType(url); |
| } |
| throw new IllegalStateException("Unknown URL : " + url); |
| } |
| |
| @VisibleForTesting |
| void ensureFileColumns(@NonNull Uri uri, @NonNull ContentValues values) |
| throws VolumeArgumentException, VolumeNotFoundException { |
| final LocalUriMatcher matcher = new LocalUriMatcher(MediaStore.AUTHORITY); |
| final int match = matcher.matchUri(uri, true); |
| ensureNonUniqueFileColumns(match, uri, Bundle.EMPTY, values, null /* currentPath */); |
| } |
| |
| private void ensureUniqueFileColumns(int match, @NonNull Uri uri, @NonNull Bundle extras, |
| @NonNull ContentValues values, @Nullable String currentPath) |
| throws VolumeArgumentException, VolumeNotFoundException { |
| ensureFileColumns(match, uri, extras, values, true, currentPath); |
| } |
| |
| private void ensureNonUniqueFileColumns(int match, @NonNull Uri uri, |
| @NonNull Bundle extras, @NonNull ContentValues values, @Nullable String currentPath) |
| throws VolumeArgumentException, VolumeNotFoundException { |
| ensureFileColumns(match, uri, extras, values, false, currentPath); |
| } |
| |
| /** |
| * Get the various file-related {@link MediaColumns} in the given |
| * {@link ContentValues} into a consistent condition. Also validates that defined |
| * columns are valid for the given {@link Uri}, such as ensuring that only |
| * {@code image/*} can be inserted into |
| * {@link android.provider.MediaStore.Images}. |
| */ |
| private void ensureFileColumns(int match, @NonNull Uri uri, @NonNull Bundle extras, |
| @NonNull ContentValues values, boolean makeUnique, @Nullable String currentPath) |
| throws VolumeArgumentException, VolumeNotFoundException { |
| Trace.beginSection("ensureFileColumns"); |
| |
| Objects.requireNonNull(uri); |
| Objects.requireNonNull(extras); |
| Objects.requireNonNull(values); |
| |
| // Figure out defaults based on Uri being modified |
| String defaultMimeType = ClipDescription.MIMETYPE_UNKNOWN; |
| int defaultMediaType = FileColumns.MEDIA_TYPE_NONE; |
| String defaultPrimary = Environment.DIRECTORY_DOWNLOADS; |
| String defaultSecondary = null; |
| List<String> allowedPrimary = Arrays.asList( |
| Environment.DIRECTORY_DOWNLOADS, |
| Environment.DIRECTORY_DOCUMENTS); |
| switch (match) { |
| case AUDIO_MEDIA: |
| case AUDIO_MEDIA_ID: |
| defaultMimeType = "audio/mpeg"; |
| defaultMediaType = FileColumns.MEDIA_TYPE_AUDIO; |
| defaultPrimary = Environment.DIRECTORY_MUSIC; |
| if (SdkLevel.isAtLeastS()) { |
| allowedPrimary = Arrays.asList( |
| Environment.DIRECTORY_ALARMS, |
| Environment.DIRECTORY_AUDIOBOOKS, |
| Environment.DIRECTORY_MUSIC, |
| Environment.DIRECTORY_NOTIFICATIONS, |
| Environment.DIRECTORY_PODCASTS, |
| Environment.DIRECTORY_RECORDINGS, |
| Environment.DIRECTORY_RINGTONES); |
| } else { |
| allowedPrimary = Arrays.asList( |
| Environment.DIRECTORY_ALARMS, |
| Environment.DIRECTORY_AUDIOBOOKS, |
| Environment.DIRECTORY_MUSIC, |
| Environment.DIRECTORY_NOTIFICATIONS, |
| Environment.DIRECTORY_PODCASTS, |
| FileUtils.DIRECTORY_RECORDINGS, |
| Environment.DIRECTORY_RINGTONES); |
| } |
| break; |
| case VIDEO_MEDIA: |
| case VIDEO_MEDIA_ID: |
| defaultMimeType = "video/mp4"; |
| defaultMediaType = FileColumns.MEDIA_TYPE_VIDEO; |
| defaultPrimary = Environment.DIRECTORY_MOVIES; |
| allowedPrimary = Arrays.asList( |
| Environment.DIRECTORY_DCIM, |
| Environment.DIRECTORY_MOVIES, |
| Environment.DIRECTORY_PICTURES); |
| break; |
| case IMAGES_MEDIA: |
| case IMAGES_MEDIA_ID: |
| defaultMimeType = "image/jpeg"; |
| defaultMediaType = FileColumns.MEDIA_TYPE_IMAGE; |
| defaultPrimary = Environment.DIRECTORY_PICTURES; |
| allowedPrimary = Arrays.asList( |
| Environment.DIRECTORY_DCIM, |
| Environment.DIRECTORY_PICTURES); |
| break; |
| case AUDIO_ALBUMART: |
| case AUDIO_ALBUMART_ID: |
| defaultMimeType = "image/jpeg"; |
| defaultMediaType = FileColumns.MEDIA_TYPE_IMAGE; |
| defaultPrimary = Environment.DIRECTORY_MUSIC; |
| allowedPrimary = Arrays.asList(defaultPrimary); |
| defaultSecondary = DIRECTORY_THUMBNAILS; |
| break; |
| case VIDEO_THUMBNAILS: |
| case VIDEO_THUMBNAILS_ID: |
| defaultMimeType = "image/jpeg"; |
| defaultMediaType = FileColumns.MEDIA_TYPE_IMAGE; |
| defaultPrimary = Environment.DIRECTORY_MOVIES; |
| allowedPrimary = Arrays.asList(defaultPrimary); |
| defaultSecondary = DIRECTORY_THUMBNAILS; |
| break; |
| case IMAGES_THUMBNAILS: |
| case IMAGES_THUMBNAILS_ID: |
| defaultMimeType = "image/jpeg"; |
| defaultMediaType = FileColumns.MEDIA_TYPE_IMAGE; |
| defaultPrimary = Environment.DIRECTORY_PICTURES; |
| allowedPrimary = Arrays.asList(defaultPrimary); |
| defaultSecondary = DIRECTORY_THUMBNAILS; |
| break; |
| case AUDIO_PLAYLISTS: |
| case AUDIO_PLAYLISTS_ID: |
| defaultMimeType = "audio/mpegurl"; |
| defaultMediaType = FileColumns.MEDIA_TYPE_PLAYLIST; |
| defaultPrimary = Environment.DIRECTORY_MUSIC; |
| allowedPrimary = Arrays.asList( |
| Environment.DIRECTORY_MUSIC, |
| Environment.DIRECTORY_MOVIES); |
| break; |
| case DOWNLOADS: |
| case DOWNLOADS_ID: |
| defaultPrimary = Environment.DIRECTORY_DOWNLOADS; |
| allowedPrimary = Arrays.asList(defaultPrimary); |
| break; |
| case FILES: |
| case FILES_ID: |
| // Use defaults above |
| break; |
| default: |
| Log.w(TAG, "Unhandled location " + uri + "; assuming generic files"); |
| break; |
| } |
| |
| final String resolvedVolumeName = resolveVolumeName(uri); |
| |
| if (TextUtils.isEmpty(values.getAsString(MediaColumns.DATA)) |
| && MediaStore.VOLUME_INTERNAL.equals(resolvedVolumeName)) { |
| // TODO: promote this to top-level check |
| throw new UnsupportedOperationException( |
| "Writing to internal storage is not supported."); |
| } |
| |
| // Force values when raw path provided |
| if (!TextUtils.isEmpty(values.getAsString(MediaColumns.DATA))) { |
| FileUtils.computeValuesFromData(values, isFuseThread()); |
| } |
| |
| final boolean isTargetSdkROrHigher = |
| getCallingPackageTargetSdkVersion() >= Build.VERSION_CODES.R; |
| final String displayName = values.getAsString(MediaColumns.DISPLAY_NAME); |
| final String mimeTypeFromExt = TextUtils.isEmpty(displayName) ? null : |
| MimeUtils.resolveMimeType(new File(displayName)); |
| |
| if (TextUtils.isEmpty(values.getAsString(MediaColumns.MIME_TYPE))) { |
| if (isTargetSdkROrHigher) { |
| // Extract the MIME type from the display name if we couldn't resolve it from the |
| // raw path |
| if (mimeTypeFromExt != null) { |
| values.put(MediaColumns.MIME_TYPE, mimeTypeFromExt); |
| } else { |
| // We couldn't resolve mimeType, it means that both display name and MIME type |
| // were missing in values, so we use defaultMimeType. |
| values.put(MediaColumns.MIME_TYPE, defaultMimeType); |
| } |
| } else if (defaultMediaType == FileColumns.MEDIA_TYPE_NONE) { |
| values.put(MediaColumns.MIME_TYPE, mimeTypeFromExt); |
| } else { |
| // We don't use mimeTypeFromExt to preserve legacy behavior. |
| values.put(MediaColumns.MIME_TYPE, defaultMimeType); |
| } |
| } |
| |
| String mimeType = values.getAsString(MediaColumns.MIME_TYPE); |
| if (defaultMediaType == FileColumns.MEDIA_TYPE_NONE) { |
| // We allow any mimeType for generic uri with default media type as MEDIA_TYPE_NONE. |
| } else if (mimeType != null && |
| MimeTypeMap.getSingleton().getExtensionFromMimeType(mimeType) == null) { |
| if (mimeTypeFromExt != null && |
| defaultMediaType == MimeUtils.resolveMediaType(mimeTypeFromExt)) { |
| // If mimeType from extension matches the defaultMediaType of uri, we use mimeType |
| // from file extension as mimeType. This is an effort to guess the mimeType when we |
| // get unsupported mimeType. |
| // Note: We can't force defaultMimeType because when we force defaultMimeType, we |
| // will force the file extension as well. For example, if DISPLAY_NAME=Foo.png and |
| // mimeType="image/*". If we force mimeType to be "image/jpeg", we append the file |
| // name with the new file extension i.e., "Foo.png.jpg" where as the expected file |
| // name was "Foo.png" |
| values.put(MediaColumns.MIME_TYPE, mimeTypeFromExt); |
| } else if (isTargetSdkROrHigher) { |
| // We are here because given mimeType is unsupported also we couldn't guess valid |
| // mimeType from file extension. |
| throw new IllegalArgumentException("Unsupported MIME type " + mimeType); |
| } else { |
| // We can't throw error for legacy apps, so we try to use defaultMimeType. |
| values.put(MediaColumns.MIME_TYPE, defaultMimeType); |
| } |
| } |
| |
| // Give ourselves reasonable defaults when missing |
| if (TextUtils.isEmpty(values.getAsString(MediaColumns.DISPLAY_NAME))) { |
| values.put(MediaColumns.DISPLAY_NAME, |
| String.valueOf(System.currentTimeMillis())); |
| } |
| final Integer formatObject = values.getAsInteger(FileColumns.FORMAT); |
| final int format = formatObject == null ? 0 : formatObject.intValue(); |
| if (format == MtpConstants.FORMAT_ASSOCIATION) { |
| values.putNull(MediaColumns.MIME_TYPE); |
| } |
| |
| mimeType = values.getAsString(MediaColumns.MIME_TYPE); |
| // Quick check MIME type against table |
| if (mimeType != null) { |
| PulledMetrics.logMimeTypeAccess(getCallingUidOrSelf(), mimeType); |
| final int actualMediaType = MimeUtils.resolveMediaType(mimeType); |
| if (defaultMediaType == FileColumns.MEDIA_TYPE_NONE) { |
| // Give callers an opportunity to work with playlists and |
| // subtitles using the generic files table |
| switch (actualMediaType) { |
| case FileColumns.MEDIA_TYPE_PLAYLIST: |
| defaultMimeType = "audio/mpegurl"; |
| defaultMediaType = FileColumns.MEDIA_TYPE_PLAYLIST; |
| defaultPrimary = Environment.DIRECTORY_MUSIC; |
| allowedPrimary = new ArrayList<>(allowedPrimary); |
| allowedPrimary.add(Environment.DIRECTORY_MUSIC); |
| allowedPrimary.add(Environment.DIRECTORY_MOVIES); |
| break; |
| case FileColumns.MEDIA_TYPE_SUBTITLE: |
| defaultMimeType = "application/x-subrip"; |
| defaultMediaType = FileColumns.MEDIA_TYPE_SUBTITLE; |
| defaultPrimary = Environment.DIRECTORY_MOVIES; |
| allowedPrimary = new ArrayList<>(allowedPrimary); |
| allowedPrimary.add(Environment.DIRECTORY_MUSIC); |
| allowedPrimary.add(Environment.DIRECTORY_MOVIES); |
| break; |
| } |
| } else if (defaultMediaType != actualMediaType) { |
| final String[] split = defaultMimeType.split("/"); |
| throw new IllegalArgumentException( |
| "MIME type " + mimeType + " cannot be inserted into " + uri |
| + "; expected MIME type under " + split[0] + "/*"); |
| } |
| } |
| |
| // Use default directories when missing |
| if (TextUtils.isEmpty(values.getAsString(MediaColumns.RELATIVE_PATH))) { |
| if (defaultSecondary != null) { |
| values.put(MediaColumns.RELATIVE_PATH, |
| defaultPrimary + '/' + defaultSecondary + '/'); |
| } else { |
| values.put(MediaColumns.RELATIVE_PATH, |
| defaultPrimary + '/'); |
| } |
| } |
| |
| // Generate path when undefined |
| if (TextUtils.isEmpty(values.getAsString(MediaColumns.DATA))) { |
| // Note that just the volume name isn't enough to determine the path, |
| // since we can manage different volumes with the same name for |
| // different users. Instead, if we have a current path (which implies |
| // an already existing file to be renamed), use that to derive the |
| // user-id of the file, and in turn use that to derive the correct |
| // volume. Cross-user renames are not supported without a specified |
| // DATA column. |
| File volumePath; |
| UserHandle userHandle = mCallingIdentity.get().getUser(); |
| if (currentPath != null) { |
| int userId = FileUtils.extractUserId(currentPath); |
| if (userId != -1) { |
| userHandle = UserHandle.of(userId); |
| } |
| } |
| try { |
| volumePath = mVolumeCache.getVolumePath(resolvedVolumeName, userHandle); |
| } catch (FileNotFoundException e) { |
| throw new IllegalArgumentException(e); |
| } |
| |
| FileUtils.sanitizeValues(values, /*rewriteHiddenFileName*/ !isFuseThread()); |
| FileUtils.computeDataFromValues(values, volumePath, isFuseThread()); |
| |
| // Create result file |
| File res = new File(values.getAsString(MediaColumns.DATA)); |
| try { |
| if (makeUnique) { |
| res = FileUtils.buildUniqueFile(res.getParentFile(), |
| mimeType, res.getName()); |
| } else { |
| res = FileUtils.buildNonUniqueFile(res.getParentFile(), |
| mimeType, res.getName()); |
| } |
| } catch (FileNotFoundException e) { |
| throw new IllegalStateException( |
| "Failed to build unique file: " + res + " " + values); |
| } |
| |
| // Require that content lives under well-defined directories to help |
| // keep the user's content organized |
| |
| // Start by saying unchanged directories are valid |
| final String currentDir = (currentPath != null) |
| ? new File(currentPath).getParent() : null; |
| boolean validPath = res.getParent().equals(currentDir); |
| |
| // Next, consider allowing based on allowed primary directory |
| final String[] relativePath = values.getAsString(MediaColumns.RELATIVE_PATH).split("/"); |
| final String primary = extractTopLevelDir(relativePath); |
| if (!validPath) { |
| validPath = containsIgnoreCase(allowedPrimary, primary); |
| } |
| |
| // Next, consider allowing paths when referencing a related item |
| final Uri relatedUri = extras.getParcelable(QUERY_ARG_RELATED_URI); |
| if (!validPath && relatedUri != null) { |
| try (Cursor c = queryForSingleItem(relatedUri, new String[] { |
| MediaColumns.MIME_TYPE, |
| MediaColumns.RELATIVE_PATH, |
| }, null, null, null)) { |
| // If top-level MIME type matches, and relative path |
| // matches, then allow caller to place things here |
| |
| final String expectedType = MimeUtils.extractPrimaryType( |
| c.getString(0)); |
| final String actualType = MimeUtils.extractPrimaryType( |
| values.getAsString(MediaColumns.MIME_TYPE)); |
| if (!Objects.equals(expectedType, actualType)) { |
| throw new IllegalArgumentException("Placement of " + actualType |
| + " item not allowed in relation to " + expectedType + " item"); |
| } |
| |
| final String expectedPath = c.getString(1); |
| final String actualPath = values.getAsString(MediaColumns.RELATIVE_PATH); |
| if (!Objects.equals(expectedPath, actualPath)) { |
| throw new IllegalArgumentException("Placement of " + actualPath |
| + " item not allowed in relation to " + expectedPath + " item"); |
| } |
| |
| // If we didn't see any trouble above, then we'll allow it |
| validPath = true; |
| } catch (FileNotFoundException e) { |
| Log.w(TAG, "Failed to find related item " + relatedUri + ": " + e); |
| } |
| } |
| |
| // Consider allowing external media directory of calling package |
| if (!validPath) { |
| final String pathOwnerPackage = extractPathOwnerPackageName(res.getAbsolutePath()); |
| if (pathOwnerPackage != null) { |
| validPath = isExternalMediaDirectory(res.getAbsolutePath()) && |
| isCallingIdentitySharedPackageName(pathOwnerPackage); |
| } |
| } |
| |
| // Allow apps with MANAGE_EXTERNAL_STORAGE to create files anywhere |
| if (!validPath) { |
| validPath = isCallingPackageManager(); |
| } |
| |
| // Allow system gallery to create image/video files. |
| if (!validPath) { |
| // System gallery can create image/video files in any existing directory, it can |
| // also create subdirectories in any existing top-level directory. However, system |
| // gallery is not allowed to create non-default top level directory. |
| final boolean createNonDefaultTopLevelDir = primary != null && |
| !FileUtils.buildPath(volumePath, primary).exists(); |
| validPath = !createNonDefaultTopLevelDir && canAccessMediaFile( |
| res.getAbsolutePath(), /*excludeNonSystemGallery*/ true); |
| } |
| |
| // Nothing left to check; caller can't use this path |
| if (!validPath) { |
| throw new IllegalArgumentException( |
| "Primary directory " + primary + " not allowed for " + uri |
| + "; allowed directories are " + allowedPrimary); |
| } |
| |
| boolean isFuseThread = isFuseThread(); |
| // Check if the following are true: |
| // 1. Not a FUSE thread |
| // 2. |res| is a child of a default dir and the default dir is missing |
| // If true, we want to update the mTime of the volume root, after creating the dir |
| // on the lower filesystem. This fixes some FileManagers relying on the mTime change |
| // for UI updates |
| File defaultDirVolumePath = |
| isFuseThread ? null : checkDefaultDirMissing(resolvedVolumeName, res); |
| // Ensure all parent folders of result file exist |
| res.getParentFile().mkdirs(); |
| if (!res.getParentFile().exists()) { |
| throw new IllegalStateException("Failed to create directory: " + res); |
| } |
| touchFusePath(defaultDirVolumePath); |
| |
| values.put(MediaColumns.DATA, res.getAbsolutePath()); |
| // buildFile may have changed the file name, compute values to extract new DISPLAY_NAME. |
| // Note: We can't extract displayName from res.getPath() because for pending & trashed |
| // files DISPLAY_NAME will not be same as file name. |
| FileUtils.computeValuesFromData(values, isFuseThread); |
| } else { |
| assertFileColumnsConsistent(match, uri, values); |
| } |
| |
| assertPrivatePathNotInValues(values); |
| |
| // Drop columns that aren't relevant for special tables |
| switch (match) { |
| case AUDIO_ALBUMART: |
| case VIDEO_THUMBNAILS: |
| case IMAGES_THUMBNAILS: |
| final Set<String> valid = getProjectionMap(MediaStore.Images.Thumbnails.class) |
| .keySet(); |
| for (String key : new ArraySet<>(values.keySet())) { |
| if (!valid.contains(key)) { |
| values.remove(key); |
| } |
| } |
| break; |
| } |
| |
| Trace.endSection(); |
| } |
| |
| /** |
| * For apps targetSdk >= S: Check that values does not contain any external private path. |
| * For all apps: Check that values does not contain any other app's external private paths. |
| */ |
| private void assertPrivatePathNotInValues(ContentValues values) |
| throws IllegalArgumentException { |
| ArrayList<String> relativePaths = new ArrayList<String>(); |
| relativePaths.add(extractRelativePath(values.getAsString(MediaColumns.DATA))); |
| relativePaths.add(values.getAsString(MediaColumns.RELATIVE_PATH)); |
| |
| for (final String relativePath : relativePaths) { |
| if (!isDataOrObbRelativePath(relativePath)) { |
| continue; |
| } |
| |
| /** |
| * Don't allow apps to insert/update database row to files in Android/data or |
| * Android/obb dirs. These are app private directories and files in these private |
| * directories can't be added to public media collection. |
| * |
| * Note: For backwards compatibility we allow apps with targetSdk < S to insert private |
| * files to MediaProvider |
| */ |
| if (CompatChanges.isChangeEnabled(ENABLE_CHECKS_FOR_PRIVATE_FILES, |
| Binder.getCallingUid())) { |
| throw new IllegalArgumentException( |
| "Inserting private file: " + relativePath + " is not allowed."); |
| } |
| |
| /** |
| * Restrict all (legacy and non-legacy) apps from inserting paths in other |
| * app's private directories. |
| * Allow legacy apps to insert/update files in app private directories for backward |
| * compatibility but don't allow them to do so in other app's private directories. |
| */ |
| if (!isCallingIdentityAllowedAccessToDataOrObbPath(relativePath)) { |
| throw new IllegalArgumentException( |
| "Inserting private file: " + relativePath + " is not allowed."); |
| } |
| } |
| } |
| |
| /** |
| * @return the default dir if {@code file} is a child of default dir and it's missing, |
| * {@code null} otherwise. |
| */ |
| private File checkDefaultDirMissing(String volumeName, File file) { |
| String topLevelDir = FileUtils.extractTopLevelDir(file.getPath()); |
| if (topLevelDir != null && FileUtils.isDefaultDirectoryName(topLevelDir)) { |
| try { |
| File volumePath = getVolumePath(volumeName); |
| if (!new File(volumePath, topLevelDir).exists()) { |
| return volumePath; |
| } |
| } catch (FileNotFoundException e) { |
| Log.w(TAG, "Failed to checkDefaultDirMissing for " + file, e); |
| } |
| } |
| return null; |
| } |
| |
| /** Updates mTime of {@code path} on the FUSE filesystem */ |
| private void touchFusePath(@Nullable File path) { |
| if (path != null) { |
| // Touch root of volume to update mTime on FUSE filesystem |
| // This allows FileManagers that may be relying on mTime changes to update their UI |
| File fusePath = toFuseFile(path); |
| if (fusePath != null) { |
| Log.i(TAG, "Touching FUSE path " + fusePath); |
| fusePath.setLastModified(System.currentTimeMillis()); |
| } |
| } |
| } |
| |
| /** |
| * Check that any requested {@link MediaColumns#DATA} paths actually |
| * live on the storage volume being targeted. |
| */ |
| private void assertFileColumnsConsistent(int match, Uri uri, ContentValues values) |
| throws VolumeArgumentException, VolumeNotFoundException { |
| if (!values.containsKey(MediaColumns.DATA)) return; |
| |
| final String volumeName = resolveVolumeName(uri); |
| try { |
| // Quick check that the requested path actually lives on volume |
| final Collection<File> allowed = getAllowedVolumePaths(volumeName); |
| final File actual = new File(values.getAsString(MediaColumns.DATA)) |
| .getCanonicalFile(); |
| if (!FileUtils.contains(allowed, actual)) { |
| throw new VolumeArgumentException(actual, allowed); |
| } |
| } catch (IOException e) { |
| throw new VolumeNotFoundException(volumeName); |
| } |
| } |
| |
| @Override |
| public int bulkInsert(Uri uri, ContentValues[] values) { |
| final int targetSdkVersion = getCallingPackageTargetSdkVersion(); |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final int match = matchUri(uri, allowHidden); |
| |
| if (match == VOLUMES) { |
| return super.bulkInsert(uri, values); |
| } |
| |
| if (match == AUDIO_PLAYLISTS_ID || match == AUDIO_PLAYLISTS_ID_MEMBERS) { |
| final String resolvedVolumeName = resolveVolumeName(uri); |
| |
| final long playlistId = Long.parseLong(uri.getPathSegments().get(3)); |
| final Uri playlistUri = ContentUris.withAppendedId( |
| MediaStore.Audio.Playlists.getContentUri(resolvedVolumeName), playlistId); |
| |
| final String audioVolumeName = |
| MediaStore.VOLUME_INTERNAL.equals(resolvedVolumeName) |
| ? MediaStore.VOLUME_INTERNAL : MediaStore.VOLUME_EXTERNAL; |
| |
| // Require that caller has write access to underlying media |
| enforceCallingPermission(playlistUri, Bundle.EMPTY, true); |
| for (ContentValues each : values) { |
| final long audioId = each.getAsLong(Audio.Playlists.Members.AUDIO_ID); |
| final Uri audioUri = Audio.Media.getContentUri(audioVolumeName, audioId); |
| enforceCallingPermission(audioUri, Bundle.EMPTY, false); |
| } |
| |
| return bulkInsertPlaylist(playlistUri, values); |
| } |
| |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(uri); |
| } catch (VolumeNotFoundException e) { |
| return e.translateForUpdateDelete(targetSdkVersion); |
| } |
| |
| helper.beginTransaction(); |
| try { |
| final int result = super.bulkInsert(uri, values); |
| helper.setTransactionSuccessful(); |
| return result; |
| } finally { |
| helper.endTransaction(); |
| } |
| } |
| |
| private int bulkInsertPlaylist(@NonNull Uri uri, @NonNull ContentValues[] values) { |
| Trace.beginSection("bulkInsertPlaylist"); |
| try { |
| try { |
| return addPlaylistMembers(uri, values); |
| } catch (SQLiteConstraintException e) { |
| if (getCallingPackageTargetSdkVersion() >= Build.VERSION_CODES.R) { |
| throw e; |
| } else { |
| return 0; |
| } |
| } |
| } catch (FallbackException e) { |
| return e.translateForBulkInsert(getCallingPackageTargetSdkVersion()); |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| private long insertDirectory(@NonNull SQLiteDatabase db, @NonNull String path) { |
| if (LOGV) Log.v(TAG, "inserting directory " + path); |
| ContentValues values = new ContentValues(); |
| values.put(FileColumns.FORMAT, MtpConstants.FORMAT_ASSOCIATION); |
| values.put(FileColumns.DATA, path); |
| values.put(FileColumns.PARENT, getParent(db, path)); |
| values.put(FileColumns.OWNER_PACKAGE_NAME, extractPathOwnerPackageName(path)); |
| values.put(FileColumns.VOLUME_NAME, extractVolumeName(path)); |
| values.put(FileColumns.RELATIVE_PATH, extractRelativePath(path)); |
| values.put(FileColumns.DISPLAY_NAME, extractDisplayName(path)); |
| values.put(FileColumns.IS_DOWNLOAD, isDownload(path) ? 1 : 0); |
| File file = new File(path); |
| if (file.exists()) { |
| values.put(FileColumns.DATE_MODIFIED, file.lastModified() / 1000); |
| } |
| return db.insert("files", FileColumns.DATE_MODIFIED, values); |
| } |
| |
| private long getParent(@NonNull SQLiteDatabase db, @NonNull String path) { |
| final String parentPath = new File(path).getParent(); |
| if (Objects.equals("/", parentPath)) { |
| return -1; |
| } else { |
| synchronized (mDirectoryCache) { |
| Long id = mDirectoryCache.get(parentPath); |
| if (id != null) { |
| return id; |
| } |
| } |
| |
| final long id; |
| try (Cursor c = db.query("files", new String[] { FileColumns._ID }, |
| FileColumns.DATA + "=?", new String[] { parentPath }, null, null, null)) { |
| if (c.moveToFirst()) { |
| id = c.getLong(0); |
| } else { |
| id = insertDirectory(db, parentPath); |
| } |
| } |
| |
| synchronized (mDirectoryCache) { |
| mDirectoryCache.put(parentPath, id); |
| } |
| return id; |
| } |
| } |
| |
| /** |
| * @param c the Cursor whose title to retrieve |
| * @return the result of {@link #getDefaultTitle(String)} if the result is valid; otherwise |
| * the value of the {@code MediaStore.Audio.Media.TITLE} column |
| */ |
| private String getDefaultTitleFromCursor(Cursor c) { |
| String title = null; |
| final int columnIndex = c.getColumnIndex("title_resource_uri"); |
| // Necessary to check for existence because we may be reading from an old DB version |
| if (columnIndex > -1) { |
| final String titleResourceUri = c.getString(columnIndex); |
| if (titleResourceUri != null) { |
| try { |
| title = getDefaultTitle(titleResourceUri); |
| } catch (Exception e) { |
| // Best attempt only |
| } |
| } |
| } |
| if (title == null) { |
| title = c.getString(c.getColumnIndex(MediaStore.Audio.Media.TITLE)); |
| } |
| return title; |
| } |
| |
| /** |
| * @param title_resource_uri The title resource for which to retrieve the default localization |
| * @return The title localized to {@code Locale.US}, or {@code null} if unlocalizable |
| * @throws Exception Thrown if the title appears to be localizable, but the localization failed |
| * for any reason. For example, the application from which the localized title is fetched is not |
| * installed, or it does not have the resource which needs to be localized |
| */ |
| private String getDefaultTitle(String title_resource_uri) throws Exception{ |
| try { |
| return getTitleFromResourceUri(title_resource_uri, false); |
| } catch (Exception e) { |
| Log.e(TAG, "Error getting default title for " + title_resource_uri, e); |
| throw e; |
| } |
| } |
| |
| /** |
| * @param title_resource_uri The title resource to localize |
| * @return The localized title, or {@code null} if unlocalizable |
| * @throws Exception Thrown if the title appears to be localizable, but the localization failed |
| * for any reason. For example, the application from which the localized title is fetched is not |
| * installed, or it does not have the resource which needs to be localized |
| */ |
| private String getLocalizedTitle(String title_resource_uri) throws Exception { |
| try { |
| return getTitleFromResourceUri(title_resource_uri, true); |
| } catch (Exception e) { |
| Log.e(TAG, "Error getting localized title for " + title_resource_uri, e); |
| throw e; |
| } |
| } |
| |
| /** |
| * Localizable titles conform to this URI pattern: |
| * Scheme: {@link ContentResolver.SCHEME_ANDROID_RESOURCE} |
| * Authority: Package Name of ringtone title provider |
| * First Path Segment: Type of resource (must be "string") |
| * Second Path Segment: Resource name of title |
| * |
| * @param title_resource_uri The title resource to retrieve |
| * @param localize Whether or not to localize the title |
| * @return The title, or {@code null} if unlocalizable |
| * @throws Exception Thrown if the title appears to be localizable, but the localization failed |
| * for any reason. For example, the application from which the localized title is fetched is not |
| * installed, or it does not have the resource which needs to be localized |
| */ |
| private String getTitleFromResourceUri(String title_resource_uri, boolean localize) |
| throws Exception { |
| if (TextUtils.isEmpty(title_resource_uri)) { |
| return null; |
| } |
| final Uri titleUri = Uri.parse(title_resource_uri); |
| final String scheme = titleUri.getScheme(); |
| if (!ContentResolver.SCHEME_ANDROID_RESOURCE.equals(scheme)) { |
| return null; |
| } |
| final List<String> pathSegments = titleUri.getPathSegments(); |
| if (pathSegments.size() != 2) { |
| Log.e(TAG, "Error getting localized title for " + title_resource_uri |
| + ", must have 2 path segments"); |
| return null; |
| } |
| final String type = pathSegments.get(0); |
| if (!"string".equals(type)) { |
| Log.e(TAG, "Error getting localized title for " + title_resource_uri |
| + ", first path segment must be \"string\""); |
| return null; |
| } |
| final String packageName = titleUri.getAuthority(); |
| final Resources resources; |
| if (localize) { |
| resources = mPackageManager.getResourcesForApplication(packageName); |
| } else { |
| final Context packageContext = getContext().createPackageContext(packageName, 0); |
| final Configuration configuration = packageContext.getResources().getConfiguration(); |
| configuration.setLocale(Locale.US); |
| resources = packageContext.createConfigurationContext(configuration).getResources(); |
| } |
| final String resourceIdentifier = pathSegments.get(1); |
| final int id = resources.getIdentifier(resourceIdentifier, type, packageName); |
| return resources.getString(id); |
| } |
| |
| public void onLocaleChanged() { |
| onLocaleChanged(true); |
| } |
| |
| private void onLocaleChanged(boolean forceUpdate) { |
| mInternalDatabase.runWithTransaction((db) -> { |
| if (forceUpdate || !mLastLocale.equals(Locale.getDefault())) { |
| localizeTitles(db); |
| mLastLocale = Locale.getDefault(); |
| } |
| return null; |
| }); |
| } |
| |
| private void localizeTitles(@NonNull SQLiteDatabase db) { |
| try (Cursor c = db.query("files", new String[]{"_id", "title_resource_uri"}, |
| "title_resource_uri IS NOT NULL", null, null, null, null)) { |
| while (c.moveToNext()) { |
| final String id = c.getString(0); |
| final String titleResourceUri = c.getString(1); |
| final ContentValues values = new ContentValues(); |
| try { |
| values.put(AudioColumns.TITLE_RESOURCE_URI, titleResourceUri); |
| computeAudioLocalizedValues(values); |
| computeAudioKeyValues(values); |
| db.update("files", values, "_id=?", new String[]{id}); |
| } catch (Exception e) { |
| Log.e(TAG, "Error updating localized title for " + titleResourceUri |
| + ", keeping old localization"); |
| } |
| } |
| } |
| } |
| |
| private Uri insertFile(@NonNull SQLiteQueryBuilder qb, @NonNull DatabaseHelper helper, |
| int match, @NonNull Uri uri, @NonNull Bundle extras, @NonNull ContentValues values, |
| int mediaType) throws VolumeArgumentException, VolumeNotFoundException { |
| boolean wasPathEmpty = !values.containsKey(MediaStore.MediaColumns.DATA) |
| || TextUtils.isEmpty(values.getAsString(MediaStore.MediaColumns.DATA)); |
| |
| // Make sure all file-related columns are defined |
| ensureUniqueFileColumns(match, uri, extras, values, null); |
| |
| switch (mediaType) { |
| case FileColumns.MEDIA_TYPE_AUDIO: { |
| computeAudioLocalizedValues(values); |
| computeAudioKeyValues(values); |
| break; |
| } |
| } |
| |
| // compute bucket_id and bucket_display_name for all files |
| String path = values.getAsString(MediaStore.MediaColumns.DATA); |
| FileUtils.computeValuesFromData(values, isFuseThread()); |
| values.put(MediaStore.MediaColumns.DATE_ADDED, System.currentTimeMillis() / 1000); |
| |
| String title = values.getAsString(MediaStore.MediaColumns.TITLE); |
| if (title == null && path != null) { |
| title = extractFileName(path); |
| } |
| values.put(FileColumns.TITLE, title); |
| |
| String mimeType = null; |
| int format = MtpConstants.FORMAT_ASSOCIATION; |
| if (path != null && new File(path).isDirectory()) { |
| values.put(FileColumns.FORMAT, MtpConstants.FORMAT_ASSOCIATION); |
| values.putNull(MediaStore.MediaColumns.MIME_TYPE); |
| } else { |
| mimeType = values.getAsString(MediaStore.MediaColumns.MIME_TYPE); |
| final Integer formatObject = values.getAsInteger(FileColumns.FORMAT); |
| format = (formatObject == null ? 0 : formatObject.intValue()); |
| } |
| |
| if (format == 0) { |
| format = MimeUtils.resolveFormatCode(mimeType); |
| } |
| if (path != null && path.endsWith("/")) { |
| // TODO: convert to using FallbackException once VERSION_CODES.S is defined |
| Log.e(TAG, "directory has trailing slash: " + path); |
| return null; |
| } |
| if (format != 0) { |
| values.put(FileColumns.FORMAT, format); |
| } |
| |
| if (mimeType == null && path != null && format != MtpConstants.FORMAT_ASSOCIATION) { |
| mimeType = MimeUtils.resolveMimeType(new File(path)); |
| } |
| |
| if (mimeType != null) { |
| values.put(FileColumns.MIME_TYPE, mimeType); |
| if (isCallingPackageSelf() && values.containsKey(FileColumns.MEDIA_TYPE)) { |
| // Leave FileColumns.MEDIA_TYPE untouched if the caller is ModernMediaScanner and |
| // FileColumns.MEDIA_TYPE is already populated. |
| } else if (isFuseThread() && path != null |
| && FileUtils.shouldFileBeHidden(new File(path))) { |
| // We should only mark MEDIA_TYPE as MEDIA_TYPE_NONE for Fuse Thread. |
| // MediaProvider#insert() returns the uri by appending the "rowId" to the given |
| // uri, hence to ensure the correct working of the returned uri, we shouldn't |
| // change the MEDIA_TYPE in insert operation and let scan change it for us. |
| values.put(FileColumns.MEDIA_TYPE, FileColumns.MEDIA_TYPE_NONE); |
| } else { |
| values.put(FileColumns.MEDIA_TYPE, MimeUtils.resolveMediaType(mimeType)); |
| } |
| } else { |
| values.put(FileColumns.MEDIA_TYPE, mediaType); |
| } |
| |
| qb.allowColumn(FileColumns._MODIFIER); |
| if (isCallingPackageSelf() && values.containsKey(FileColumns._MODIFIER)) { |
| // We can't identify if the call is coming from media scan, hence |
| // we let ModernMediaScanner send FileColumns._MODIFIER value. |
| } else if (isFuseThread()) { |
| values.put(FileColumns._MODIFIER, FileColumns._MODIFIER_FUSE); |
| } else { |
| values.put(FileColumns._MODIFIER, FileColumns._MODIFIER_CR); |
| } |
| |
| // There is no meaning of an owner in the internal storage. It is shared by all users. |
| // So we only set the user_id field in the database for external storage. |
| qb.allowColumn(FileColumns._USER_ID); |
| int ownerUserId = FileUtils.extractUserId(path); |
| if (helper.isExternal()) { |
| if (isAppCloneUserForFuse(ownerUserId)) { |
| values.put(FileColumns._USER_ID, ownerUserId); |
| } else { |
| values.put(FileColumns._USER_ID, sUserId); |
| } |
| } |
| |
| final long rowId; |
| Uri newUri = uri; |
| { |
| if (mediaType == FileColumns.MEDIA_TYPE_PLAYLIST) { |
| String name = values.getAsString(Audio.Playlists.NAME); |
| if (name == null && path == null) { |
| // MediaScanner will compute the name from the path if we have one |
| throw new IllegalArgumentException( |
| "no name was provided when inserting abstract playlist"); |
| } |
| } else { |
| if (path == null) { |
| // path might be null for playlists created on the device |
| // or transfered via MTP |
| throw new IllegalArgumentException( |
| "no path was provided when inserting new file"); |
| } |
| } |
| |
| // make sure modification date and size are set |
| if (path != null) { |
| File file = new File(path); |
| if (file.exists()) { |
| values.put(FileColumns.DATE_MODIFIED, file.lastModified() / 1000); |
| if (!values.containsKey(FileColumns.SIZE)) { |
| values.put(FileColumns.SIZE, file.length()); |
| } |
| } |
| // Checking if the file/directory is hidden can be expensive based on the depth of |
| // the directory tree. Call shouldFileBeHidden() only when the caller of insert() |
| // cares about returned uri. |
| if (!isCallingPackageSelf() && !isFuseThread() |
| && FileUtils.shouldFileBeHidden(file)) { |
| newUri = MediaStore.Files.getContentUri(MediaStore.getVolumeName(uri)); |
| } |
| } |
| |
| rowId = insertAllowingUpsert(qb, helper, values, path); |
| } |
| if (format == MtpConstants.FORMAT_ASSOCIATION) { |
| synchronized (mDirectoryCache) { |
| mDirectoryCache.put(path, rowId); |
| } |
| } |
| |
| return ContentUris.withAppendedId(newUri, rowId); |
| } |
| |
| /** |
| * Inserts a new row in MediaProvider database with {@code values}. Treats insert as upsert for |
| * double inserts from same package. |
| */ |
| private long insertAllowingUpsert(@NonNull SQLiteQueryBuilder qb, |
| @NonNull DatabaseHelper helper, @NonNull ContentValues values, String path) |
| throws SQLiteConstraintException { |
| return helper.runWithTransaction((db) -> { |
| Long parent = values.getAsLong(FileColumns.PARENT); |
| if (parent == null) { |
| if (path != null) { |
| final long parentId = getParent(db, path); |
| values.put(FileColumns.PARENT, parentId); |
| } |
| } |
| |
| try { |
| return qb.insert(helper, values); |
| } catch (SQLiteConstraintException e) { |
| final String packages = getAllowedPackagesForUpsert( |
| values.getAsString(MediaColumns.OWNER_PACKAGE_NAME)); |
| SQLiteQueryBuilder qbForUpsert = getQueryBuilderForUpsert(path); |
| final long rowId = getIdIfPathOwnedByPackages(qbForUpsert, helper, path, packages); |
| // Apps sometimes create a file via direct path and then insert it into |
| // MediaStore via ContentResolver. The former should create a database entry, |
| // so we have to treat the latter as an upsert. |
| // TODO(b/149917493) Perform all INSERT operations as UPSERT. |
| if (rowId != -1 && qbForUpsert.update(helper, values, "_id=?", |
| new String[]{Long.toString(rowId)}) == 1) { |
| return rowId; |
| } |
| // Rethrow SQLiteConstraintException on failed upsert. |
| throw e; |
| } |
| }); |
| } |
| |
| /** |
| * @return row id of the entry with path {@code path} if the owner is one of {@code packages}. |
| */ |
| private long getIdIfPathOwnedByPackages(@NonNull SQLiteQueryBuilder qb, |
| @NonNull DatabaseHelper helper, String path, String packages) { |
| final String[] projection = new String[] {FileColumns._ID}; |
| final String ownerPackageMatchClause = DatabaseUtils.bindSelection( |
| MediaColumns.OWNER_PACKAGE_NAME + " IN " + packages); |
| final String selection = FileColumns.DATA + " =? AND " + ownerPackageMatchClause; |
| |
| try (Cursor c = qb.query(helper, projection, selection, new String[] {path}, null, null, |
| null, null, null)) { |
| if (c.moveToFirst()) { |
| return c.getLong(0); |
| } |
| } |
| return -1; |
| } |
| |
| /** |
| * Gets packages that should match to upsert a db row. |
| * |
| * A database row can be upserted if |
| * <ul> |
| * <li> Calling package or one of the shared packages owns the db row. |
| * <li> {@code givenOwnerPackage} owns the db row. This is useful when DownloadProvider |
| * requests upsert on behalf of another app |
| * </ul> |
| */ |
| private String getAllowedPackagesForUpsert(@Nullable String givenOwnerPackage) { |
| ArrayList<String> packages = new ArrayList<>(); |
| packages.addAll(Arrays.asList(mCallingIdentity.get().getSharedPackageNames())); |
| |
| // If givenOwnerPackage is CallingIdentity, packages list would already have shared package |
| // names of givenOwnerPackage. If givenOwnerPackage is not CallingIdentity, since |
| // DownloadProvider can upsert a row on behalf of app, we should include all shared packages |
| // of givenOwnerPackage. |
| if (givenOwnerPackage != null && isCallingPackageDelegator() && |
| !isCallingIdentitySharedPackageName(givenOwnerPackage)) { |
| // Allow DownloadProvider to Upsert if givenOwnerPackage is owner of the db row. |
| packages.addAll(Arrays.asList(getSharedPackagesForPackage(givenOwnerPackage))); |
| } |
| return bindList((Object[]) packages.toArray()); |
| } |
| |
| /** |
| * @return {@link SQLiteQueryBuilder} for upsert with Files uri. This disables strict columns |
| * check to allow upsert to update any column with Files uri. |
| */ |
| private SQLiteQueryBuilder getQueryBuilderForUpsert(@NonNull String path) { |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| Bundle extras = new Bundle(); |
| extras.putInt(QUERY_ARG_MATCH_PENDING, MATCH_INCLUDE); |
| extras.putInt(QUERY_ARG_MATCH_TRASHED, MATCH_INCLUDE); |
| |
| // When Fuse inserts a file to database it doesn't set is_download column. When app tries |
| // insert with Downloads uri, upsert fails because getIdIfPathExistsForCallingPackage can't |
| // find a row ID with is_download=1. Use Files uri to get queryBuilder & update any existing |
| // row irrespective of is_download=1. |
| final Uri uri = FileUtils.getContentUriForPath(path); |
| SQLiteQueryBuilder qb = getQueryBuilder(TYPE_UPDATE, matchUri(uri, allowHidden), uri, |
| extras, null); |
| |
| // We won't be able to update columns that are not part of projection map of Files table. We |
| // have already checked strict columns in previous insert operation which failed with |
| // exception. Any malicious column usage would have got caught in insert operation, hence we |
| // can safely disable strict column check for upsert. |
| qb.setStrictColumns(false); |
| return qb; |
| } |
| |
| private void maybePut(@NonNull ContentValues values, @NonNull String key, |
| @Nullable String value) { |
| if (value != null) { |
| values.put(key, value); |
| } |
| } |
| |
| private boolean maybeMarkAsDownload(@NonNull ContentValues values) { |
| final String path = values.getAsString(MediaColumns.DATA); |
| if (path != null && isDownload(path)) { |
| values.put(FileColumns.IS_DOWNLOAD, 1); |
| return true; |
| } |
| return false; |
| } |
| |
| private static @NonNull String resolveVolumeName(@NonNull Uri uri) { |
| final String volumeName = getVolumeName(uri); |
| if (MediaStore.VOLUME_EXTERNAL.equals(volumeName)) { |
| return MediaStore.VOLUME_EXTERNAL_PRIMARY; |
| } else { |
| return volumeName; |
| } |
| } |
| |
| /** |
| * @deprecated all operations should be routed through the overload that |
| * accepts a {@link Bundle} of extras. |
| */ |
| @Override |
| @Deprecated |
| public Uri insert(Uri uri, ContentValues values) { |
| return insert(uri, values, null); |
| } |
| |
| @Override |
| public @Nullable Uri insert(@NonNull Uri uri, @Nullable ContentValues values, |
| @Nullable Bundle extras) { |
| Trace.beginSection("insert"); |
| try { |
| try { |
| return insertInternal(uri, values, extras); |
| } catch (SQLiteConstraintException e) { |
| if (getCallingPackageTargetSdkVersion() >= Build.VERSION_CODES.R) { |
| throw e; |
| } else { |
| return null; |
| } |
| } |
| } catch (FallbackException e) { |
| return e.translateForInsert(getCallingPackageTargetSdkVersion()); |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| private @Nullable Uri insertInternal(@NonNull Uri uri, @Nullable ContentValues initialValues, |
| @Nullable Bundle extras) throws FallbackException { |
| final String originalVolumeName = getVolumeName(uri); |
| PulledMetrics.logVolumeAccessViaMediaProvider(getCallingUidOrSelf(), originalVolumeName); |
| |
| extras = (extras != null) ? extras : new Bundle(); |
| // REDACTED_URI_BUNDLE_KEY extra should only be set inside MediaProvider. |
| extras.remove(QUERY_ARG_REDACTED_URI); |
| |
| // INCLUDED_DEFAULT_DIRECTORIES extra should only be set inside MediaProvider. |
| extras.remove(INCLUDED_DEFAULT_DIRECTORIES); |
| |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final int match = matchUri(uri, allowHidden); |
| |
| final int targetSdkVersion = getCallingPackageTargetSdkVersion(); |
| final String resolvedVolumeName = resolveVolumeName(uri); |
| |
| // handle MEDIA_SCANNER before calling getDatabaseForUri() |
| if (match == MEDIA_SCANNER) { |
| mMediaScannerVolume = initialValues.getAsString(MediaStore.MEDIA_SCANNER_VOLUME); |
| |
| final DatabaseHelper helper = getDatabaseForUri( |
| MediaStore.Files.getContentUri(mMediaScannerVolume)); |
| |
| helper.mScanStartTime = SystemClock.elapsedRealtime(); |
| return MediaStore.getMediaScannerUri(); |
| } |
| |
| if (match == VOLUMES) { |
| String name = initialValues.getAsString("name"); |
| MediaVolume volume = null; |
| try { |
| volume = getVolume(name); |
| Uri attachedVolume = attachVolume(volume, /* validate */ true); |
| if (mMediaScannerVolume != null && mMediaScannerVolume.equals(name)) { |
| final DatabaseHelper helper = getDatabaseForUri( |
| MediaStore.Files.getContentUri(mMediaScannerVolume)); |
| helper.mScanStartTime = SystemClock.elapsedRealtime(); |
| } |
| return attachedVolume; |
| } catch (FileNotFoundException e) { |
| Log.w(TAG, "Couldn't find volume with name " + volume.getName()); |
| return null; |
| } |
| } |
| |
| final DatabaseHelper helper = getDatabaseForUri(uri); |
| switch (match) { |
| case AUDIO_PLAYLISTS_ID: |
| case AUDIO_PLAYLISTS_ID_MEMBERS: { |
| final long playlistId = Long.parseLong(uri.getPathSegments().get(3)); |
| final Uri playlistUri = ContentUris.withAppendedId( |
| MediaStore.Audio.Playlists.getContentUri(resolvedVolumeName), playlistId); |
| |
| final long audioId = initialValues |
| .getAsLong(MediaStore.Audio.Playlists.Members.AUDIO_ID); |
| final String audioVolumeName = |
| MediaStore.VOLUME_INTERNAL.equals(resolvedVolumeName) |
| ? MediaStore.VOLUME_INTERNAL : MediaStore.VOLUME_EXTERNAL; |
| final Uri audioUri = ContentUris.withAppendedId( |
| MediaStore.Audio.Media.getContentUri(audioVolumeName), audioId); |
| |
| // Require that caller has write access to underlying media |
| enforceCallingPermission(playlistUri, Bundle.EMPTY, true); |
| enforceCallingPermission(audioUri, Bundle.EMPTY, false); |
| |
| // Playlist contents are always persisted directly into playlist |
| // files on disk to ensure that we can reliably migrate between |
| // devices and recover from database corruption |
| final long id = addPlaylistMembers(playlistUri, initialValues); |
| acceptWithExpansion(helper::notifyInsert, resolvedVolumeName, playlistId, |
| FileColumns.MEDIA_TYPE_PLAYLIST, false); |
| return ContentUris.withAppendedId(MediaStore.Audio.Playlists.Members |
| .getContentUri(originalVolumeName, playlistId), id); |
| } |
| } |
| |
| String path = null; |
| String ownerPackageName = null; |
| if (initialValues != null) { |
| // IDs are forever; nobody should be editing them |
| initialValues.remove(MediaColumns._ID); |
| |
| // Expiration times are hard-coded; let's derive them |
| FileUtils.computeDateExpires(initialValues); |
| |
| // Ignore or augment incoming raw filesystem paths |
| for (String column : sDataColumns.keySet()) { |
| if (!initialValues.containsKey(column)) continue; |
| |
| if (isCallingPackageSelf() || isCallingPackageLegacyWrite()) { |
| // Mutation allowed |
| } else if (isCallingPackageManager()) { |
| // Apps with MANAGE_EXTERNAL_STORAGE have all files access, hence they are |
| // allowed to insert files anywhere. |
| } else { |
| Log.w(TAG, "Ignoring mutation of " + column + " from " |
| + getCallingPackageOrSelf()); |
| initialValues.remove(column); |
| } |
| } |
| |
| path = initialValues.getAsString(MediaStore.MediaColumns.DATA); |
| |
| if (!isCallingPackageSelf()) { |
| initialValues.remove(FileColumns.IS_DOWNLOAD); |
| } |
| |
| // We no longer track location metadata |
| if (initialValues.containsKey(ImageColumns.LATITUDE)) { |
| initialValues.putNull(ImageColumns.LATITUDE); |
| } |
| if (initialValues.containsKey(ImageColumns.LONGITUDE)) { |
| initialValues.putNull(ImageColumns.LONGITUDE); |
| } |
| if (getCallingPackageTargetSdkVersion() <= Build.VERSION_CODES.Q) { |
| // These columns are removed in R. |
| if (initialValues.containsKey("primary_directory")) { |
| initialValues.remove("primary_directory"); |
| } |
| if (initialValues.containsKey("secondary_directory")) { |
| initialValues.remove("secondary_directory"); |
| } |
| } |
| |
| if (isCallingPackageSelf() || isCallingPackageShell()) { |
| // When media inserted by ourselves during a scan, or by the |
| // shell, the best we can do is guess ownership based on path |
| // when it's not explicitly provided |
| ownerPackageName = initialValues.getAsString(FileColumns.OWNER_PACKAGE_NAME); |
| if (TextUtils.isEmpty(ownerPackageName)) { |
| ownerPackageName = extractPathOwnerPackageName(path); |
| } |
| } else if (isCallingPackageDelegator()) { |
| // When caller is a delegator, we handle ownership as a hybrid |
| // of the two other cases: we're willing to accept any ownership |
| // transfer attempted during insert, but we fall back to using |
| // the Binder identity if they don't request a specific owner |
| ownerPackageName = initialValues.getAsString(FileColumns.OWNER_PACKAGE_NAME); |
| if (TextUtils.isEmpty(ownerPackageName)) { |
| ownerPackageName = getCallingPackageOrSelf(); |
| } |
| } else { |
| // Remote callers have no direct control over owner column; we force |
| // it be whoever is creating the content. |
| initialValues.remove(FileColumns.OWNER_PACKAGE_NAME); |
| ownerPackageName = getCallingPackageOrSelf(); |
| } |
| } |
| |
| long rowId = -1; |
| Uri newUri = null; |
| |
| final SQLiteQueryBuilder qb = getQueryBuilder(TYPE_INSERT, match, uri, extras, null); |
| |
| switch (match) { |
| case IMAGES_MEDIA: { |
| maybePut(initialValues, FileColumns.OWNER_PACKAGE_NAME, ownerPackageName); |
| final boolean isDownload = maybeMarkAsDownload(initialValues); |
| newUri = insertFile(qb, helper, match, uri, extras, initialValues, |
| FileColumns.MEDIA_TYPE_IMAGE); |
| break; |
| } |
| |
| case IMAGES_THUMBNAILS: { |
| if (helper.isInternal()) { |
| throw new UnsupportedOperationException( |
| "Writing to internal storage is not supported."); |
| } |
| |
| // Require that caller has write access to underlying media |
| final long imageId = initialValues.getAsLong(MediaStore.Images.Thumbnails.IMAGE_ID); |
| enforceCallingPermission(ContentUris.withAppendedId( |
| MediaStore.Images.Media.getContentUri(resolvedVolumeName), imageId), |
| extras, true); |
| |
| ensureUniqueFileColumns(match, uri, extras, initialValues, null); |
| |
| rowId = qb.insert(helper, initialValues); |
| if (rowId > 0) { |
| newUri = ContentUris.withAppendedId(Images.Thumbnails. |
| getContentUri(originalVolumeName), rowId); |
| } |
| break; |
| } |
| |
| case VIDEO_THUMBNAILS: { |
| if (helper.isInternal()) { |
| throw new UnsupportedOperationException( |
| "Writing to internal storage is not supported."); |
| } |
| |
| // Require that caller has write access to underlying media |
| final long videoId = initialValues.getAsLong(MediaStore.Video.Thumbnails.VIDEO_ID); |
| enforceCallingPermission(ContentUris.withAppendedId( |
| MediaStore.Video.Media.getContentUri(resolvedVolumeName), videoId), |
| Bundle.EMPTY, true); |
| |
| ensureUniqueFileColumns(match, uri, extras, initialValues, null); |
| |
| rowId = qb.insert(helper, initialValues); |
| if (rowId > 0) { |
| newUri = ContentUris.withAppendedId(Video.Thumbnails. |
| getContentUri(originalVolumeName), rowId); |
| } |
| break; |
| } |
| |
| case AUDIO_MEDIA: { |
| maybePut(initialValues, FileColumns.OWNER_PACKAGE_NAME, ownerPackageName); |
| final boolean isDownload = maybeMarkAsDownload(initialValues); |
| newUri = insertFile(qb, helper, match, uri, extras, initialValues, |
| FileColumns.MEDIA_TYPE_AUDIO); |
| break; |
| } |
| |
| case AUDIO_MEDIA_ID_GENRES: { |
| throw new FallbackException("Genres are read-only", Build.VERSION_CODES.R); |
| } |
| |
| case AUDIO_GENRES: { |
| throw new FallbackException("Genres are read-only", Build.VERSION_CODES.R); |
| } |
| |
| case AUDIO_GENRES_ID_MEMBERS: { |
| throw new FallbackException("Genres are read-only", Build.VERSION_CODES.R); |
| } |
| |
| case AUDIO_PLAYLISTS: { |
| maybePut(initialValues, FileColumns.OWNER_PACKAGE_NAME, ownerPackageName); |
| final boolean isDownload = maybeMarkAsDownload(initialValues); |
| ContentValues values = new ContentValues(initialValues); |
| values.put(MediaStore.Audio.Playlists.DATE_ADDED, System.currentTimeMillis() / 1000); |
| // Playlist names are stored as display names, but leave |
| // values untouched if the caller is ModernMediaScanner |
| if (!isCallingPackageSelf()) { |
| if (values.containsKey(Playlists.NAME)) { |
| values.put(MediaColumns.DISPLAY_NAME, values.getAsString(Playlists.NAME)); |
| } |
| if (!values.containsKey(MediaColumns.MIME_TYPE)) { |
| values.put(MediaColumns.MIME_TYPE, "audio/mpegurl"); |
| } |
| } |
| newUri = insertFile(qb, helper, match, uri, extras, values, |
| FileColumns.MEDIA_TYPE_PLAYLIST); |
| if (newUri != null) { |
| // Touch empty playlist file on disk so its ready for renames |
| if (Binder.getCallingUid() != android.os.Process.myUid()) { |
| try (OutputStream out = ContentResolver.wrap(this) |
| .openOutputStream(newUri)) { |
| } catch (IOException ignored) { |
| } |
| } |
| } |
| break; |
| } |
| |
| case VIDEO_MEDIA: { |
| maybePut(initialValues, FileColumns.OWNER_PACKAGE_NAME, ownerPackageName); |
| final boolean isDownload = maybeMarkAsDownload(initialValues); |
| newUri = insertFile(qb, helper, match, uri, extras, initialValues, |
| FileColumns.MEDIA_TYPE_VIDEO); |
| break; |
| } |
| |
| case AUDIO_ALBUMART: { |
| if (helper.isInternal()) { |
| throw new UnsupportedOperationException("no internal album art allowed"); |
| } |
| |
| ensureUniqueFileColumns(match, uri, extras, initialValues, null); |
| |
| rowId = qb.insert(helper, initialValues); |
| if (rowId > 0) { |
| newUri = ContentUris.withAppendedId(uri, rowId); |
| } |
| break; |
| } |
| |
| case FILES: { |
| maybePut(initialValues, FileColumns.OWNER_PACKAGE_NAME, ownerPackageName); |
| final boolean isDownload = maybeMarkAsDownload(initialValues); |
| final String mimeType = initialValues.getAsString(MediaColumns.MIME_TYPE); |
| final int mediaType = MimeUtils.resolveMediaType(mimeType); |
| newUri = insertFile(qb, helper, match, uri, extras, initialValues, |
| mediaType); |
| break; |
| } |
| |
| case DOWNLOADS: |
| maybePut(initialValues, FileColumns.OWNER_PACKAGE_NAME, ownerPackageName); |
| initialValues.put(FileColumns.IS_DOWNLOAD, 1); |
| newUri = insertFile(qb, helper, match, uri, extras, initialValues, |
| FileColumns.MEDIA_TYPE_NONE); |
| break; |
| |
| default: |
| throw new UnsupportedOperationException("Invalid URI " + uri); |
| } |
| |
| // Remember that caller is owner of this item, to speed up future |
| // permission checks for this caller |
| mCallingIdentity.get().setOwned(rowId, true); |
| |
| if (path != null && path.toLowerCase(Locale.ROOT).endsWith("/.nomedia")) { |
| scanFileAsMediaProvider(new File(path).getParentFile(), REASON_DEMAND); |
| } |
| |
| return newUri; |
| } |
| |
| @Override |
| public ContentProviderResult[] applyBatch(ArrayList<ContentProviderOperation> operations) |
| throws OperationApplicationException { |
| // Open transactions on databases for requested volumes |
| final Set<DatabaseHelper> transactions = new ArraySet<>(); |
| try { |
| for (ContentProviderOperation op : operations) { |
| final DatabaseHelper helper = getDatabaseForUri(op.getUri()); |
| if (transactions.contains(helper)) continue; |
| |
| if (!helper.isTransactionActive()) { |
| helper.beginTransaction(); |
| transactions.add(helper); |
| } else { |
| // We normally don't allow nested transactions (since we |
| // don't have a good way to selectively roll them back) but |
| // if the incoming operation is ignoring exceptions, then we |
| // don't need to worry about partial rollback and can |
| // piggyback on the larger active transaction |
| if (!op.isExceptionAllowed()) { |
| throw new IllegalStateException("Nested transactions not supported"); |
| } |
| } |
| } |
| |
| final ContentProviderResult[] result = super.applyBatch(operations); |
| for (DatabaseHelper helper : transactions) { |
| helper.setTransactionSuccessful(); |
| } |
| return result; |
| } catch (VolumeNotFoundException e) { |
| throw e.rethrowAsIllegalArgumentException(); |
| } finally { |
| for (DatabaseHelper helper : transactions) { |
| helper.endTransaction(); |
| } |
| } |
| } |
| |
| private void appendWhereStandaloneMatch(@NonNull SQLiteQueryBuilder qb, |
| @NonNull String column, /* @Match */ int match, Uri uri) { |
| switch (match) { |
| case MATCH_INCLUDE: |
| // No special filtering needed |
| break; |
| case MATCH_EXCLUDE: |
| appendWhereStandalone(qb, getWhereClauseForMatchExclude(column)); |
| break; |
| case MATCH_ONLY: |
| appendWhereStandalone(qb, column + "=?", 1); |
| break; |
| case MATCH_VISIBLE_FOR_FILEPATH: |
| final String whereClause = |
| getWhereClauseForMatchableVisibleFromFilePath(uri, column); |
| if (whereClause != null) { |
| appendWhereStandalone(qb, whereClause); |
| } |
| break; |
| default: |
| throw new IllegalArgumentException(); |
| } |
| } |
| |
| private static void appendWhereStandalone(@NonNull SQLiteQueryBuilder qb, |
| @Nullable String selection, @Nullable Object... selectionArgs) { |
| qb.appendWhereStandalone(DatabaseUtils.bindSelection(selection, selectionArgs)); |
| } |
| |
| private static void appendWhereStandaloneFilter(@NonNull SQLiteQueryBuilder qb, |
| @NonNull String[] columns, @Nullable String filter) { |
| if (TextUtils.isEmpty(filter)) return; |
| for (String filterWord : filter.split("\\s+")) { |
| appendWhereStandalone(qb, String.join("||", columns) + " LIKE ? ESCAPE '\\'", |
| "%" + DatabaseUtils.escapeForLike(Audio.keyFor(filterWord)) + "%"); |
| } |
| } |
| |
| /** |
| * Gets {@link LocalCallingIdentity} for the calling package |
| * TODO(b/170465810) Change the method name after refactoring. |
| */ |
| LocalCallingIdentity getCachedCallingIdentityForTranscoding(int uid) { |
| return getCachedCallingIdentityForFuse(uid); |
| } |
| |
| @Deprecated |
| private String getSharedPackages() { |
| final String[] sharedPackageNames = mCallingIdentity.get().getSharedPackageNames(); |
| return bindList((Object[]) sharedPackageNames); |
| } |
| |
| /** |
| * Gets shared packages names for given {@code packageName} |
| */ |
| private String[] getSharedPackagesForPackage(String packageName) { |
| try { |
| final int packageUid = getContext().getPackageManager() |
| .getPackageUid(packageName, 0); |
| return getContext().getPackageManager().getPackagesForUid(packageUid); |
| } catch (NameNotFoundException ignored) { |
| return new String[] {packageName}; |
| } |
| } |
| |
| private static final int TYPE_QUERY = 0; |
| private static final int TYPE_INSERT = 1; |
| private static final int TYPE_UPDATE = 2; |
| private static final int TYPE_DELETE = 3; |
| |
| /** |
| * Creating a new method for Transcoding to avoid any merge conflicts. |
| * TODO(b/170465810): Remove this when getQueryBuilder code is refactored. |
| */ |
| @NonNull SQLiteQueryBuilder getQueryBuilderForTranscoding(int type, int match, |
| @NonNull Uri uri, @NonNull Bundle extras, @Nullable Consumer<String> honored) { |
| // Force MediaProvider calling identity when accessing the db from transcoding to avoid |
| // generating 'strict' SQL e.g forcing owner_package_name matches |
| // We already handle the required permission checks for the app before we get here |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try { |
| return getQueryBuilder(type, match, uri, extras, honored); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| |
| /** |
| * Generate a {@link SQLiteQueryBuilder} that is filtered based on the |
| * runtime permissions and/or {@link Uri} grants held by the caller. |
| * <ul> |
| * <li>If caller holds a {@link Uri} grant, access is allowed according to |
| * that grant. |
| * <li>If caller holds the write permission for a collection, they can |
| * read/write all contents of that collection. |
| * <li>If caller holds the read permission for a collection, they can read |
| * all contents of that collection, but writes are limited to content they |
| * own. |
| * <li>If caller holds no permissions for a collection, all reads/write are |
| * limited to content they own. |
| * </ul> |
| */ |
| private @NonNull SQLiteQueryBuilder getQueryBuilder(int type, int match, |
| @NonNull Uri uri, @NonNull Bundle extras, @Nullable Consumer<String> honored) { |
| Trace.beginSection("getQueryBuilder"); |
| try { |
| return getQueryBuilderInternal(type, match, uri, extras, honored); |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| private @NonNull SQLiteQueryBuilder getQueryBuilderInternal(int type, int match, |
| @NonNull Uri uri, @NonNull Bundle extras, @Nullable Consumer<String> honored) { |
| final boolean forWrite; |
| switch (type) { |
| case TYPE_QUERY: forWrite = false; break; |
| case TYPE_INSERT: forWrite = true; break; |
| case TYPE_UPDATE: forWrite = true; break; |
| case TYPE_DELETE: forWrite = true; break; |
| default: throw new IllegalStateException(); |
| } |
| |
| final SQLiteQueryBuilder qb = new SQLiteQueryBuilder(); |
| if (uri.getBooleanQueryParameter("distinct", false)) { |
| qb.setDistinct(true); |
| } |
| qb.setStrict(true); |
| if (isCallingPackageSelf()) { |
| // When caller is system, such as the media scanner, we're willing |
| // to let them access any columns they want |
| } else { |
| qb.setTargetSdkVersion(getCallingPackageTargetSdkVersion()); |
| qb.setStrictColumns(true); |
| qb.setStrictGrammar(true); |
| } |
| |
| // TODO: throw when requesting a currently unmounted volume |
| final String volumeName = MediaStore.getVolumeName(uri); |
| final String includeVolumes; |
| if (MediaStore.VOLUME_EXTERNAL.equals(volumeName)) { |
| includeVolumes = bindList(mVolumeCache.getExternalVolumeNames().toArray()); |
| } else { |
| includeVolumes = bindList(volumeName); |
| } |
| final String sharedPackages = getSharedPackages(); |
| final String matchSharedPackagesClause = FileColumns.OWNER_PACKAGE_NAME + " IN " |
| + sharedPackages; |
| |
| boolean allowGlobal; |
| final Uri redactedUri = extras.getParcelable(QUERY_ARG_REDACTED_URI); |
| if (redactedUri != null) { |
| if (forWrite) { |
| throw new UnsupportedOperationException( |
| "Writes on: " + redactedUri.toString() + " are not supported"); |
| } |
| allowGlobal = checkCallingPermissionGlobal(redactedUri, false); |
| } else { |
| allowGlobal = checkCallingPermissionGlobal(uri, forWrite); |
| } |
| |
| final boolean allowLegacy = |
| forWrite ? isCallingPackageLegacyWrite() : isCallingPackageLegacyRead(); |
| final boolean allowLegacyRead = allowLegacy && !forWrite; |
| |
| int matchPending = extras.getInt(QUERY_ARG_MATCH_PENDING, MATCH_DEFAULT); |
| int matchTrashed = extras.getInt(QUERY_ARG_MATCH_TRASHED, MATCH_DEFAULT); |
| int matchFavorite = extras.getInt(QUERY_ARG_MATCH_FAVORITE, MATCH_DEFAULT); |
| |
| final ArrayList<String> includedDefaultDirs = extras.getStringArrayList( |
| INCLUDED_DEFAULT_DIRECTORIES); |
| |
| // Handle callers using legacy arguments |
| if (MediaStore.getIncludePending(uri)) matchPending = MATCH_INCLUDE; |
| |
| // Resolve any remaining default options |
| final int defaultMatchForPendingAndTrashed; |
| if (isFuseThread()) { |
| // Write operations always check for file ownership, we don't need additional write |
| // permission check for is_pending and is_trashed. |
| defaultMatchForPendingAndTrashed = |
| forWrite ? MATCH_INCLUDE : MATCH_VISIBLE_FOR_FILEPATH; |
| } else { |
| defaultMatchForPendingAndTrashed = MATCH_EXCLUDE; |
| } |
| if (matchPending == MATCH_DEFAULT) matchPending = defaultMatchForPendingAndTrashed; |
| if (matchTrashed == MATCH_DEFAULT) matchTrashed = defaultMatchForPendingAndTrashed; |
| if (matchFavorite == MATCH_DEFAULT) matchFavorite = MATCH_INCLUDE; |
| |
| // Handle callers using legacy filtering |
| final String filter = uri.getQueryParameter("filter"); |
| |
| // Only accept ALL_VOLUMES parameter up until R, because we're not convinced we want |
| // to commit to this as an API. |
| final boolean includeAllVolumes = shouldIncludeRecentlyUnmountedVolumes(uri, extras); |
| final String callingPackage = getCallingPackageOrSelf(); |
| |
| switch (match) { |
| case IMAGES_MEDIA_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(3)); |
| matchPending = MATCH_INCLUDE; |
| matchTrashed = MATCH_INCLUDE; |
| // fall-through |
| case IMAGES_MEDIA: { |
| if (type == TYPE_QUERY) { |
| qb.setTables("images"); |
| qb.setProjectionMap( |
| getProjectionMap(Images.Media.class)); |
| } else { |
| qb.setTables("files"); |
| qb.setProjectionMap( |
| getProjectionMap(Images.Media.class, Files.FileColumns.class)); |
| appendWhereStandalone(qb, FileColumns.MEDIA_TYPE + "=?", |
| FileColumns.MEDIA_TYPE_IMAGE); |
| } |
| if (!allowGlobal && !checkCallingPermissionImages(forWrite, callingPackage)) { |
| appendWhereStandalone(qb, matchSharedPackagesClause); |
| } |
| appendWhereStandaloneMatch(qb, FileColumns.IS_PENDING, matchPending, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_TRASHED, matchTrashed, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_FAVORITE, matchFavorite, uri); |
| if (honored != null) { |
| honored.accept(QUERY_ARG_MATCH_PENDING); |
| honored.accept(QUERY_ARG_MATCH_TRASHED); |
| honored.accept(QUERY_ARG_MATCH_FAVORITE); |
| } |
| if (!includeAllVolumes) { |
| appendWhereStandalone(qb, FileColumns.VOLUME_NAME + " IN " + includeVolumes); |
| } |
| break; |
| } |
| case IMAGES_THUMBNAILS_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(3)); |
| // fall-through |
| case IMAGES_THUMBNAILS: { |
| qb.setTables("thumbnails"); |
| |
| final ArrayMap<String, String> projectionMap = new ArrayMap<>( |
| getProjectionMap(Images.Thumbnails.class)); |
| projectionMap.put(Images.Thumbnails.THUMB_DATA, |
| "NULL AS " + Images.Thumbnails.THUMB_DATA); |
| qb.setProjectionMap(projectionMap); |
| |
| if (!allowGlobal && !checkCallingPermissionImages(forWrite, callingPackage)) { |
| appendWhereStandalone(qb, |
| "image_id IN (SELECT _id FROM images WHERE " |
| + matchSharedPackagesClause + ")"); |
| } |
| break; |
| } |
| case AUDIO_MEDIA_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(3)); |
| matchPending = MATCH_INCLUDE; |
| matchTrashed = MATCH_INCLUDE; |
| // fall-through |
| case AUDIO_MEDIA: { |
| if (type == TYPE_QUERY) { |
| qb.setTables("audio"); |
| qb.setProjectionMap( |
| getProjectionMap(Audio.Media.class)); |
| } else { |
| qb.setTables("files"); |
| qb.setProjectionMap( |
| getProjectionMap(Audio.Media.class, Files.FileColumns.class)); |
| appendWhereStandalone(qb, FileColumns.MEDIA_TYPE + "=?", |
| FileColumns.MEDIA_TYPE_AUDIO); |
| } |
| if (!allowGlobal && !checkCallingPermissionAudio(forWrite, callingPackage)) { |
| // Apps without Audio permission can only see their own |
| // media, but we also let them see ringtone-style media to |
| // support legacy use-cases. |
| appendWhereStandalone(qb, |
| DatabaseUtils.bindSelection(matchSharedPackagesClause |
| + " OR is_ringtone=1 OR is_alarm=1 OR is_notification=1")); |
| } |
| appendWhereStandaloneFilter(qb, new String[] { |
| AudioColumns.ARTIST_KEY, AudioColumns.ALBUM_KEY, AudioColumns.TITLE_KEY |
| }, filter); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_PENDING, matchPending, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_TRASHED, matchTrashed, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_FAVORITE, matchFavorite, uri); |
| if (honored != null) { |
| honored.accept(QUERY_ARG_MATCH_PENDING); |
| honored.accept(QUERY_ARG_MATCH_TRASHED); |
| honored.accept(QUERY_ARG_MATCH_FAVORITE); |
| } |
| if (!includeAllVolumes) { |
| appendWhereStandalone(qb, FileColumns.VOLUME_NAME + " IN " + includeVolumes); |
| } |
| break; |
| } |
| case AUDIO_MEDIA_ID_GENRES_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(5)); |
| // fall-through |
| case AUDIO_MEDIA_ID_GENRES: { |
| if (type == TYPE_QUERY) { |
| qb.setTables("audio_genres"); |
| qb.setProjectionMap(getProjectionMap(Audio.Genres.class)); |
| } else { |
| throw new UnsupportedOperationException("Genres cannot be directly modified"); |
| } |
| appendWhereStandalone(qb, "_id IN (SELECT genre_id FROM " + |
| "audio WHERE _id=?)", uri.getPathSegments().get(3)); |
| if (!allowGlobal && !checkCallingPermissionAudio(false, callingPackage)) { |
| // We don't have a great way to filter parsed metadata by |
| // owner, so callers need to hold READ_MEDIA_AUDIO |
| appendWhereStandalone(qb, "0"); |
| } |
| break; |
| } |
| case AUDIO_GENRES_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(3)); |
| // fall-through |
| case AUDIO_GENRES: { |
| qb.setTables("audio_genres"); |
| qb.setProjectionMap(getProjectionMap(Audio.Genres.class)); |
| if (!allowGlobal && !checkCallingPermissionAudio(false, callingPackage)) { |
| // We don't have a great way to filter parsed metadata by |
| // owner, so callers need to hold READ_MEDIA_AUDIO |
| appendWhereStandalone(qb, "0"); |
| } |
| break; |
| } |
| case AUDIO_GENRES_ID_MEMBERS: |
| appendWhereStandalone(qb, "genre_id=?", uri.getPathSegments().get(3)); |
| // fall-through |
| case AUDIO_GENRES_ALL_MEMBERS: { |
| if (type == TYPE_QUERY) { |
| qb.setTables("audio"); |
| |
| final ArrayMap<String, String> projectionMap = new ArrayMap<>( |
| getProjectionMap(Audio.Genres.Members.class)); |
| projectionMap.put(Audio.Genres.Members.AUDIO_ID, |
| "_id AS " + Audio.Genres.Members.AUDIO_ID); |
| qb.setProjectionMap(projectionMap); |
| } else { |
| throw new UnsupportedOperationException("Genres cannot be directly modified"); |
| } |
| appendWhereStandaloneFilter(qb, new String[] { |
| AudioColumns.ARTIST_KEY, AudioColumns.ALBUM_KEY, AudioColumns.TITLE_KEY |
| }, filter); |
| if (!allowGlobal && !checkCallingPermissionAudio(false, callingPackage)) { |
| // We don't have a great way to filter parsed metadata by |
| // owner, so callers need to hold READ_MEDIA_AUDIO |
| appendWhereStandalone(qb, "0"); |
| } |
| // In order to be consistent with other audio views like audio_artist, audio_albums, |
| // and audio_genres, exclude pending and trashed item |
| appendWhereStandaloneMatch(qb, FileColumns.IS_PENDING, MATCH_EXCLUDE, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_TRASHED, MATCH_EXCLUDE, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_FAVORITE, matchFavorite, uri); |
| if (honored != null) { |
| honored.accept(QUERY_ARG_MATCH_FAVORITE); |
| } |
| if (!includeAllVolumes) { |
| appendWhereStandalone(qb, FileColumns.VOLUME_NAME + " IN " + includeVolumes); |
| } |
| break; |
| } |
| case AUDIO_PLAYLISTS_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(3)); |
| matchPending = MATCH_INCLUDE; |
| matchTrashed = MATCH_INCLUDE; |
| // fall-through |
| case AUDIO_PLAYLISTS: { |
| if (type == TYPE_QUERY) { |
| qb.setTables("audio_playlists"); |
| qb.setProjectionMap( |
| getProjectionMap(Audio.Playlists.class)); |
| } else { |
| qb.setTables("files"); |
| qb.setProjectionMap( |
| getProjectionMap(Audio.Playlists.class, Files.FileColumns.class)); |
| appendWhereStandalone(qb, FileColumns.MEDIA_TYPE + "=?", |
| FileColumns.MEDIA_TYPE_PLAYLIST); |
| } |
| if (!allowGlobal && !checkCallingPermissionAudio(forWrite, callingPackage)) { |
| appendWhereStandalone(qb, matchSharedPackagesClause); |
| } |
| appendWhereStandaloneMatch(qb, FileColumns.IS_PENDING, matchPending, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_TRASHED, matchTrashed, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_FAVORITE, matchFavorite, uri); |
| if (honored != null) { |
| honored.accept(QUERY_ARG_MATCH_PENDING); |
| honored.accept(QUERY_ARG_MATCH_TRASHED); |
| honored.accept(QUERY_ARG_MATCH_FAVORITE); |
| } |
| if (!includeAllVolumes) { |
| appendWhereStandalone(qb, FileColumns.VOLUME_NAME + " IN " + includeVolumes); |
| } |
| break; |
| } |
| case AUDIO_PLAYLISTS_ID_MEMBERS_ID: |
| appendWhereStandalone(qb, "audio_playlists_map._id=?", |
| uri.getPathSegments().get(5)); |
| // fall-through |
| case AUDIO_PLAYLISTS_ID_MEMBERS: { |
| appendWhereStandalone(qb, "playlist_id=?", uri.getPathSegments().get(3)); |
| if (type == TYPE_QUERY) { |
| qb.setTables("audio_playlists_map, audio"); |
| |
| final ArrayMap<String, String> projectionMap = new ArrayMap<>( |
| getProjectionMap(Audio.Playlists.Members.class)); |
| projectionMap.put(Audio.Playlists.Members._ID, |
| "audio_playlists_map._id AS " + Audio.Playlists.Members._ID); |
| qb.setProjectionMap(projectionMap); |
| |
| appendWhereStandalone(qb, "audio._id = audio_id"); |
| // Since we use audio table along with audio_playlists_map |
| // for querying, we should only include database rows of |
| // the attached volumes. |
| if (!includeAllVolumes) { |
| appendWhereStandalone(qb, FileColumns.VOLUME_NAME + " IN " |
| + includeVolumes); |
| } |
| } else { |
| qb.setTables("audio_playlists_map"); |
| qb.setProjectionMap(getProjectionMap(Audio.Playlists.Members.class)); |
| } |
| appendWhereStandaloneFilter(qb, new String[] { |
| AudioColumns.ARTIST_KEY, AudioColumns.ALBUM_KEY, AudioColumns.TITLE_KEY |
| }, filter); |
| if (!allowGlobal && !checkCallingPermissionAudio(false, callingPackage)) { |
| // We don't have a great way to filter parsed metadata by |
| // owner, so callers need to hold READ_MEDIA_AUDIO |
| appendWhereStandalone(qb, "0"); |
| } |
| break; |
| } |
| case AUDIO_ALBUMART_ID: |
| appendWhereStandalone(qb, "album_id=?", uri.getPathSegments().get(3)); |
| // fall-through |
| case AUDIO_ALBUMART: { |
| qb.setTables("album_art"); |
| |
| final ArrayMap<String, String> projectionMap = new ArrayMap<>( |
| getProjectionMap(Audio.Thumbnails.class)); |
| projectionMap.put(Audio.Thumbnails._ID, |
| "album_id AS " + Audio.Thumbnails._ID); |
| qb.setProjectionMap(projectionMap); |
| |
| if (!allowGlobal && !checkCallingPermissionAudio(false, callingPackage)) { |
| // We don't have a great way to filter parsed metadata by |
| // owner, so callers need to hold READ_MEDIA_AUDIO |
| appendWhereStandalone(qb, "0"); |
| } |
| break; |
| } |
| case AUDIO_ARTISTS_ID_ALBUMS: { |
| if (type == TYPE_QUERY) { |
| qb.setTables("audio_artists_albums"); |
| qb.setProjectionMap(getProjectionMap(Audio.Artists.Albums.class)); |
| |
| final String artistId = uri.getPathSegments().get(3); |
| appendWhereStandalone(qb, "artist_id=?", artistId); |
| } else { |
| throw new UnsupportedOperationException("Albums cannot be directly modified"); |
| } |
| appendWhereStandaloneFilter(qb, new String[] { |
| AudioColumns.ALBUM_KEY |
| }, filter); |
| if (!allowGlobal && !checkCallingPermissionAudio(false, callingPackage)) { |
| // We don't have a great way to filter parsed metadata by |
| // owner, so callers need to hold READ_MEDIA_AUDIO |
| appendWhereStandalone(qb, "0"); |
| } |
| break; |
| } |
| case AUDIO_ARTISTS_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(3)); |
| // fall-through |
| case AUDIO_ARTISTS: { |
| if (type == TYPE_QUERY) { |
| qb.setTables("audio_artists"); |
| qb.setProjectionMap(getProjectionMap(Audio.Artists.class)); |
| } else { |
| throw new UnsupportedOperationException("Artists cannot be directly modified"); |
| } |
| appendWhereStandaloneFilter(qb, new String[] { |
| AudioColumns.ARTIST_KEY |
| }, filter); |
| if (!allowGlobal && !checkCallingPermissionAudio(false, callingPackage)) { |
| // We don't have a great way to filter parsed metadata by |
| // owner, so callers need to hold READ_MEDIA_AUDIO |
| appendWhereStandalone(qb, "0"); |
| } |
| break; |
| } |
| case AUDIO_ALBUMS_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(3)); |
| // fall-through |
| case AUDIO_ALBUMS: { |
| if (type == TYPE_QUERY) { |
| qb.setTables("audio_albums"); |
| qb.setProjectionMap(getProjectionMap(Audio.Albums.class)); |
| } else { |
| throw new UnsupportedOperationException("Albums cannot be directly modified"); |
| } |
| appendWhereStandaloneFilter(qb, new String[] { |
| AudioColumns.ARTIST_KEY, AudioColumns.ALBUM_KEY |
| }, filter); |
| if (!allowGlobal && !checkCallingPermissionAudio(false, callingPackage)) { |
| // We don't have a great way to filter parsed metadata by |
| // owner, so callers need to hold READ_MEDIA_AUDIO |
| appendWhereStandalone(qb, "0"); |
| } |
| break; |
| } |
| case VIDEO_MEDIA_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(3)); |
| matchPending = MATCH_INCLUDE; |
| matchTrashed = MATCH_INCLUDE; |
| // fall-through |
| case VIDEO_MEDIA: { |
| if (type == TYPE_QUERY) { |
| qb.setTables("video"); |
| qb.setProjectionMap( |
| getProjectionMap(Video.Media.class)); |
| } else { |
| qb.setTables("files"); |
| qb.setProjectionMap( |
| getProjectionMap(Video.Media.class, Files.FileColumns.class)); |
| appendWhereStandalone(qb, FileColumns.MEDIA_TYPE + "=?", |
| FileColumns.MEDIA_TYPE_VIDEO); |
| } |
| if (!allowGlobal && !checkCallingPermissionVideo(forWrite, callingPackage)) { |
| appendWhereStandalone(qb, matchSharedPackagesClause); |
| } |
| appendWhereStandaloneMatch(qb, FileColumns.IS_PENDING, matchPending, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_TRASHED, matchTrashed, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_FAVORITE, matchFavorite, uri); |
| if (honored != null) { |
| honored.accept(QUERY_ARG_MATCH_PENDING); |
| honored.accept(QUERY_ARG_MATCH_TRASHED); |
| honored.accept(QUERY_ARG_MATCH_FAVORITE); |
| } |
| if (!includeAllVolumes) { |
| appendWhereStandalone(qb, FileColumns.VOLUME_NAME + " IN " + includeVolumes); |
| } |
| break; |
| } |
| case VIDEO_THUMBNAILS_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(3)); |
| // fall-through |
| case VIDEO_THUMBNAILS: { |
| qb.setTables("videothumbnails"); |
| qb.setProjectionMap(getProjectionMap(Video.Thumbnails.class)); |
| if (!allowGlobal && !checkCallingPermissionVideo(forWrite, callingPackage)) { |
| appendWhereStandalone(qb, |
| "video_id IN (SELECT _id FROM video WHERE " + |
| matchSharedPackagesClause + ")"); |
| } |
| break; |
| } |
| case FILES_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(2)); |
| matchPending = MATCH_INCLUDE; |
| matchTrashed = MATCH_INCLUDE; |
| // fall-through |
| case FILES: { |
| qb.setTables("files"); |
| qb.setProjectionMap(getProjectionMap(Files.FileColumns.class)); |
| |
| final ArrayList<String> options = new ArrayList<>(); |
| if (!allowGlobal && !allowLegacyRead) { |
| options.add(DatabaseUtils.bindSelection(matchSharedPackagesClause)); |
| if (allowLegacy) { |
| options.add(DatabaseUtils.bindSelection("volume_name=?", |
| MediaStore.VOLUME_EXTERNAL_PRIMARY)); |
| } |
| if (checkCallingPermissionAudio(forWrite, callingPackage)) { |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_AUDIO)); |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_PLAYLIST)); |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_SUBTITLE)); |
| options.add(matchSharedPackagesClause |
| + " AND media_type=0 AND mime_type LIKE 'audio/%'"); |
| } |
| if (checkCallingPermissionVideo(forWrite, callingPackage)) { |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_VIDEO)); |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_SUBTITLE)); |
| options.add(matchSharedPackagesClause |
| + " AND media_type=0 AND mime_type LIKE 'video/%'"); |
| } |
| if (checkCallingPermissionImages(forWrite, callingPackage)) { |
| options.add(DatabaseUtils.bindSelection("media_type=?", |
| FileColumns.MEDIA_TYPE_IMAGE)); |
| options.add(matchSharedPackagesClause |
| + " AND media_type=0 AND mime_type LIKE 'image/%'"); |
| } |
| if (includedDefaultDirs != null) { |
| for (String defaultDir : includedDefaultDirs) { |
| options.add(FileColumns.RELATIVE_PATH + " LIKE '" + defaultDir + "/%'"); |
| } |
| } |
| } |
| if (options.size() > 0) { |
| appendWhereStandalone(qb, TextUtils.join(" OR ", options)); |
| } |
| |
| appendWhereStandaloneFilter(qb, new String[] { |
| AudioColumns.ARTIST_KEY, AudioColumns.ALBUM_KEY, AudioColumns.TITLE_KEY |
| }, filter); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_PENDING, matchPending, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_TRASHED, matchTrashed, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_FAVORITE, matchFavorite, uri); |
| if (honored != null) { |
| honored.accept(QUERY_ARG_MATCH_PENDING); |
| honored.accept(QUERY_ARG_MATCH_TRASHED); |
| honored.accept(QUERY_ARG_MATCH_FAVORITE); |
| } |
| if (!includeAllVolumes) { |
| appendWhereStandalone(qb, FileColumns.VOLUME_NAME + " IN " + includeVolumes); |
| } |
| break; |
| } |
| case DOWNLOADS_ID: |
| appendWhereStandalone(qb, "_id=?", uri.getPathSegments().get(2)); |
| matchPending = MATCH_INCLUDE; |
| matchTrashed = MATCH_INCLUDE; |
| // fall-through |
| case DOWNLOADS: { |
| if (type == TYPE_QUERY) { |
| qb.setTables("downloads"); |
| qb.setProjectionMap( |
| getProjectionMap(Downloads.class)); |
| } else { |
| qb.setTables("files"); |
| qb.setProjectionMap( |
| getProjectionMap(Downloads.class, Files.FileColumns.class)); |
| appendWhereStandalone(qb, FileColumns.IS_DOWNLOAD + "=1"); |
| } |
| |
| final ArrayList<String> options = new ArrayList<>(); |
| if (!allowGlobal && !allowLegacyRead) { |
| options.add(DatabaseUtils.bindSelection(matchSharedPackagesClause)); |
| if (allowLegacy) { |
| options.add(DatabaseUtils.bindSelection("volume_name=?", |
| MediaStore.VOLUME_EXTERNAL_PRIMARY)); |
| } |
| } |
| if (options.size() > 0) { |
| appendWhereStandalone(qb, TextUtils.join(" OR ", options)); |
| } |
| |
| appendWhereStandaloneMatch(qb, FileColumns.IS_PENDING, matchPending, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_TRASHED, matchTrashed, uri); |
| appendWhereStandaloneMatch(qb, FileColumns.IS_FAVORITE, matchFavorite, uri); |
| if (honored != null) { |
| honored.accept(QUERY_ARG_MATCH_PENDING); |
| honored.accept(QUERY_ARG_MATCH_TRASHED); |
| honored.accept(QUERY_ARG_MATCH_FAVORITE); |
| } |
| if (!includeAllVolumes) { |
| appendWhereStandalone(qb, FileColumns.VOLUME_NAME + " IN " + includeVolumes); |
| } |
| break; |
| } |
| default: |
| throw new UnsupportedOperationException( |
| "Unknown or unsupported URL: " + uri.toString()); |
| } |
| |
| // To ensure we're enforcing our security model, all operations must |
| // have a projection map configured |
| if (qb.getProjectionMap() == null) { |
| throw new IllegalStateException("All queries must have a projection map"); |
| } |
| |
| // If caller is an older app, we're willing to let through a |
| // greylist of technically invalid columns |
| if (getCallingPackageTargetSdkVersion() < Build.VERSION_CODES.Q) { |
| qb.setProjectionGreylist(sGreylist); |
| } |
| |
| return qb; |
| } |
| |
| /** |
| * @return {@code true} if app requests to include database rows from |
| * recently unmounted volume. |
| * {@code false} otherwise. |
| */ |
| private boolean shouldIncludeRecentlyUnmountedVolumes(Uri uri, Bundle extras) { |
| if (isFuseThread()) { |
| // File path requests don't require to query from unmounted volumes. |
| return false; |
| } |
| |
| boolean isIncludeVolumesChangeEnabled = SdkLevel.isAtLeastS() && |
| CompatChanges.isChangeEnabled(ENABLE_INCLUDE_ALL_VOLUMES, Binder.getCallingUid()); |
| if ("1".equals(uri.getQueryParameter(ALL_VOLUMES))) { |
| // Support uri parameter only in R OS and below. Apps should use |
| // MediaStore#QUERY_ARG_RECENTLY_UNMOUNTED_VOLUMES on S OS onwards. |
| if (!isIncludeVolumesChangeEnabled) { |
| return true; |
| } |
| throw new IllegalArgumentException("Unsupported uri parameter \"all_volumes\""); |
| } |
| if (isIncludeVolumesChangeEnabled) { |
| // MediaStore#QUERY_ARG_INCLUDE_RECENTLY_UNMOUNTED_VOLUMES is only supported on S OS and |
| // for app targeting targetSdk>=S. |
| return extras.getBoolean(MediaStore.QUERY_ARG_INCLUDE_RECENTLY_UNMOUNTED_VOLUMES, |
| false); |
| } |
| return false; |
| } |
| |
| /** |
| * Determine if given {@link Uri} has a |
| * {@link MediaColumns#OWNER_PACKAGE_NAME} column. |
| */ |
| private boolean hasOwnerPackageName(Uri uri) { |
| // It's easier to maintain this as an inverted list |
| final int table = matchUri(uri, true); |
| switch (table) { |
| case IMAGES_THUMBNAILS_ID: |
| case IMAGES_THUMBNAILS: |
| case VIDEO_THUMBNAILS_ID: |
| case VIDEO_THUMBNAILS: |
| case AUDIO_ALBUMART: |
| case AUDIO_ALBUMART_ID: |
| case AUDIO_ALBUMART_FILE_ID: |
| return false; |
| default: |
| return true; |
| } |
| } |
| |
| /** |
| * @deprecated all operations should be routed through the overload that |
| * accepts a {@link Bundle} of extras. |
| */ |
| @Override |
| @Deprecated |
| public int delete(Uri uri, String selection, String[] selectionArgs) { |
| return delete(uri, |
| DatabaseUtils.createSqlQueryBundle(selection, selectionArgs, null)); |
| } |
| |
| @Override |
| public int delete(@NonNull Uri uri, @Nullable Bundle extras) { |
| Trace.beginSection("delete"); |
| try { |
| return deleteInternal(uri, extras); |
| } catch (FallbackException e) { |
| return e.translateForUpdateDelete(getCallingPackageTargetSdkVersion()); |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| private int deleteInternal(@NonNull Uri uri, @Nullable Bundle extras) |
| throws FallbackException { |
| final String volumeName = getVolumeName(uri); |
| PulledMetrics.logVolumeAccessViaMediaProvider(getCallingUidOrSelf(), volumeName); |
| |
| extras = (extras != null) ? extras : new Bundle(); |
| // REDACTED_URI_BUNDLE_KEY extra should only be set inside MediaProvider. |
| extras.remove(QUERY_ARG_REDACTED_URI); |
| |
| if (isRedactedUri(uri)) { |
| // we don't support deletion on redacted uris. |
| return 0; |
| } |
| |
| // INCLUDED_DEFAULT_DIRECTORIES extra should only be set inside MediaProvider. |
| extras.remove(INCLUDED_DEFAULT_DIRECTORIES); |
| |
| uri = safeUncanonicalize(uri); |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final int match = matchUri(uri, allowHidden); |
| |
| switch (match) { |
| case AUDIO_MEDIA_ID: |
| case AUDIO_PLAYLISTS_ID: |
| case VIDEO_MEDIA_ID: |
| case IMAGES_MEDIA_ID: |
| case DOWNLOADS_ID: |
| case FILES_ID: { |
| if (!isFuseThread() && getCachedCallingIdentityForFuse(Binder.getCallingUid()). |
| removeDeletedRowId(Long.parseLong(uri.getLastPathSegment()))) { |
| // Apps sometimes delete the file via filePath and then try to delete the db row |
| // using MediaProvider#delete. Since we would have already deleted the db row |
| // during the filePath operation, the latter will result in a security |
| // exception. Apps which don't expect an exception will break here. Since we |
| // have already deleted the db row, silently return zero as deleted count. |
| return 0; |
| } |
| } |
| break; |
| default: |
| // For other match types, given uri will not correspond to a valid file. |
| break; |
| } |
| |
| final String userWhere = extras.getString(QUERY_ARG_SQL_SELECTION); |
| final String[] userWhereArgs = extras.getStringArray(QUERY_ARG_SQL_SELECTION_ARGS); |
| |
| int count = 0; |
| |
| final int targetSdkVersion = getCallingPackageTargetSdkVersion(); |
| |
| // handle MEDIA_SCANNER before calling getDatabaseForUri() |
| if (match == MEDIA_SCANNER) { |
| if (mMediaScannerVolume == null) { |
| return 0; |
| } |
| |
| final DatabaseHelper helper = getDatabaseForUri( |
| MediaStore.Files.getContentUri(mMediaScannerVolume)); |
| |
| helper.mScanStopTime = SystemClock.elapsedRealtime(); |
| |
| mMediaScannerVolume = null; |
| return 1; |
| } |
| |
| if (match == VOLUMES_ID) { |
| detachVolume(uri); |
| count = 1; |
| } |
| |
| final DatabaseHelper helper = getDatabaseForUri(uri); |
| switch (match) { |
| case AUDIO_PLAYLISTS_ID_MEMBERS_ID: |
| extras.putString(QUERY_ARG_SQL_SELECTION, |
| BaseColumns._ID + "=" + uri.getPathSegments().get(5)); |
| // fall-through |
| case AUDIO_PLAYLISTS_ID_MEMBERS: { |
| final long playlistId = Long.parseLong(uri.getPathSegments().get(3)); |
| final Uri playlistUri = ContentUris.withAppendedId( |
| MediaStore.Audio.Playlists.getContentUri(volumeName), playlistId); |
| |
| // Playlist contents are always persisted directly into playlist |
| // files on disk to ensure that we can reliably migrate between |
| // devices and recover from database corruption |
| int numOfRemovedPlaylistMembers = removePlaylistMembers(playlistUri, extras); |
| if (numOfRemovedPlaylistMembers > 0) { |
| acceptWithExpansion(helper::notifyDelete, volumeName, playlistId, |
| FileColumns.MEDIA_TYPE_PLAYLIST, false); |
| } |
| return numOfRemovedPlaylistMembers; |
| } |
| } |
| |
| final SQLiteQueryBuilder qb = getQueryBuilder(TYPE_DELETE, match, uri, extras, null); |
| |
| { |
| // Give callers interacting with a specific media item a chance to |
| // escalate access if they don't already have it |
| switch (match) { |
| case AUDIO_MEDIA_ID: |
| case VIDEO_MEDIA_ID: |
| case IMAGES_MEDIA_ID: |
| enforceCallingPermission(uri, extras, true); |
| } |
| |
| final String[] projection = new String[] { |
| FileColumns.MEDIA_TYPE, |
| FileColumns.DATA, |
| FileColumns._ID, |
| FileColumns.IS_DOWNLOAD, |
| FileColumns.MIME_TYPE, |
| }; |
| final boolean isFilesTable = qb.getTables().equals("files"); |
| final LongSparseArray<String> deletedDownloadIds = new LongSparseArray<>(); |
| final int[] countPerMediaType = new int[FileColumns.MEDIA_TYPE_COUNT]; |
| if (isFilesTable) { |
| String deleteparam = uri.getQueryParameter(MediaStore.PARAM_DELETE_DATA); |
| if (deleteparam == null || ! deleteparam.equals("false")) { |
| Cursor c = qb.query(helper, projection, userWhere, userWhereArgs, |
| null, null, null, null, null); |
| try { |
| while (c.moveToNext()) { |
| final int mediaType = c.getInt(0); |
| final String data = c.getString(1); |
| final long id = c.getLong(2); |
| final int isDownload = c.getInt(3); |
| final String mimeType = c.getString(4); |
| |
| // TODO(b/188782594) Consider logging mime type access on delete too. |
| |
| // Forget that caller is owner of this item |
| mCallingIdentity.get().setOwned(id, false); |
| |
| deleteIfAllowed(uri, extras, data); |
| int res = qb.delete(helper, BaseColumns._ID + "=" + id, null); |
| count += res; |
| // Avoid ArrayIndexOutOfBounds if more mediaTypes are added, |
| // but mediaTypeSize is not updated |
| if (res > 0 && mediaType < countPerMediaType.length) { |
| countPerMediaType[mediaType] += res; |
| } |
| |
| if (isDownload == 1) { |
| deletedDownloadIds.put(id, mimeType); |
| } |
| } |
| } finally { |
| FileUtils.closeQuietly(c); |
| } |
| // Do not allow deletion if the file/object is referenced as parent |
| // by some other entries. It could cause database corruption. |
| appendWhereStandalone(qb, ID_NOT_PARENT_CLAUSE); |
| } |
| } |
| |
| switch (match) { |
| case AUDIO_GENRES_ID_MEMBERS: |
| throw new FallbackException("Genres are read-only", Build.VERSION_CODES.R); |
| |
| case IMAGES_THUMBNAILS_ID: |
| case IMAGES_THUMBNAILS: |
| case VIDEO_THUMBNAILS_ID: |
| case VIDEO_THUMBNAILS: |
| // Delete the referenced files first. |
| Cursor c = qb.query(helper, sDataOnlyColumn, userWhere, userWhereArgs, null, |
| null, null, null, null); |
| if (c != null) { |
| try { |
| while (c.moveToNext()) { |
| deleteIfAllowed(uri, extras, c.getString(0)); |
| } |
| } finally { |
| FileUtils.closeQuietly(c); |
| } |
| } |
| count += deleteRecursive(qb, helper, userWhere, userWhereArgs); |
| break; |
| |
| default: |
| count += deleteRecursive(qb, helper, userWhere, userWhereArgs); |
| break; |
| } |
| |
| if (deletedDownloadIds.size() > 0) { |
| notifyDownloadManagerOnDelete(helper, deletedDownloadIds); |
| } |
| |
| // Check for other URI format grants for File API call only. Check right before |
| // returning count = 0, to leave positive cases performance unaffected. |
| if (count == 0 && isFuseThread()) { |
| count += deleteWithOtherUriGrants(uri, helper, projection, userWhere, userWhereArgs, |
| extras); |
| } |
| |
| if (isFilesTable && !isCallingPackageSelf()) { |
| Metrics.logDeletion(volumeName, mCallingIdentity.get().uid, |
| getCallingPackageOrSelf(), count, countPerMediaType); |
| } |
| } |
| |
| return count; |
| } |
| |
| private int deleteWithOtherUriGrants(@NonNull Uri uri, DatabaseHelper helper, |
| String[] projection, String userWhere, String[] userWhereArgs, |
| @Nullable Bundle extras) { |
| try (Cursor c = queryForSingleItemAsMediaProvider(uri, projection, userWhere, userWhereArgs, |
| null)) { |
| final int mediaType = c.getInt(0); |
| final String data = c.getString(1); |
| final long id = c.getLong(2); |
| final int isDownload = c.getInt(3); |
| final String mimeType = c.getString(4); |
| |
| final Uri uriGranted = getOtherUriGrantsForPath(data, mediaType, Long.toString(id), |
| /* forWrite */ true); |
| if (uriGranted != null) { |
| // 1. delete file |
| deleteIfAllowed(uriGranted, extras, data); |
| // 2. delete file row from the db |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final SQLiteQueryBuilder qb = getQueryBuilder(TYPE_DELETE, |
| matchUri(uriGranted, allowHidden), uriGranted, extras, null); |
| int count = qb.delete(helper, BaseColumns._ID + "=" + id, null); |
| |
| if (isDownload == 1) { |
| final LongSparseArray<String> deletedDownloadIds = new LongSparseArray<>(); |
| deletedDownloadIds.put(id, mimeType); |
| notifyDownloadManagerOnDelete(helper, deletedDownloadIds); |
| } |
| return count; |
| } |
| } catch (FileNotFoundException ignored) { |
| // Do nothing. Returns 0 files deleted. |
| } |
| return 0; |
| } |
| |
| private void notifyDownloadManagerOnDelete(DatabaseHelper helper, |
| LongSparseArray<String> deletedDownloadIds) { |
| // Do this on a background thread, since we don't want to make binder |
| // calls as part of a FUSE call. |
| helper.postBackground(() -> { |
| DownloadManager dm = getContext().getSystemService(DownloadManager.class); |
| if (dm != null) { |
| dm.onMediaStoreDownloadsDeleted(deletedDownloadIds); |
| } |
| }); |
| } |
| |
| /** |
| * Executes identical delete repeatedly within a single transaction until |
| * stability is reached. Combined with {@link #ID_NOT_PARENT_CLAUSE}, this |
| * can be used to recursively delete all matching entries, since it only |
| * deletes parents when no references remaining. |
| */ |
| private int deleteRecursive(SQLiteQueryBuilder qb, DatabaseHelper helper, String userWhere, |
| String[] userWhereArgs) { |
| return (int) helper.runWithTransaction((db) -> { |
| synchronized (mDirectoryCache) { |
| mDirectoryCache.clear(); |
| } |
| |
| int n = 0; |
| int total = 0; |
| do { |
| n = qb.delete(helper, userWhere, userWhereArgs); |
| total += n; |
| } while (n > 0); |
| return total; |
| }); |
| } |
| |
| @Nullable |
| @VisibleForTesting |
| Uri getRedactedUri(@NonNull Uri uri) { |
| if (!isUriSupportedForRedaction(uri)) { |
| return null; |
| } |
| |
| DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(uri); |
| } catch (VolumeNotFoundException e) { |
| throw e.rethrowAsIllegalArgumentException(); |
| } |
| |
| try (final Cursor c = helper.runWithoutTransaction( |
| (db) -> db.query("files", |
| new String[]{FileColumns.REDACTED_URI_ID}, FileColumns._ID + "=?", |
| new String[]{uri.getLastPathSegment()}, null, null, null))) { |
| // Database entry for uri not found. |
| if (!c.moveToFirst()) return null; |
| |
| String redactedUriID = c.getString(c.getColumnIndex(FileColumns.REDACTED_URI_ID)); |
| if (redactedUriID == null) { |
| // No redacted has even been created for this uri. Create a new redacted URI ID for |
| // the uri and store it in the DB. |
| redactedUriID = REDACTED_URI_ID_PREFIX + UUID.randomUUID().toString().replace("-", |
| ""); |
| |
| ContentValues cv = new ContentValues(); |
| cv.put(FileColumns.REDACTED_URI_ID, redactedUriID); |
| int rowsAffected = helper.runWithTransaction( |
| (db) -> db.update("files", cv, FileColumns._ID + "=?", |
| new String[]{uri.getLastPathSegment()})); |
| if (rowsAffected == 0) { |
| // this shouldn't happen ideally, only reason this might happen is if the db |
| // entry got deleted in b/w in which case we should return null. |
| return null; |
| } |
| } |
| |
| // Create and return a uri with ID = redactedUriID. |
| final Uri.Builder builder = ContentUris.removeId(uri).buildUpon(); |
| builder.appendPath(redactedUriID); |
| |
| return builder.build(); |
| } |
| } |
| |
| @NonNull |
| @VisibleForTesting |
| List<Uri> getRedactedUri(@NonNull List<Uri> uris) { |
| ArrayList<Uri> redactedUris = new ArrayList<>(); |
| for (Uri uri : uris) { |
| redactedUris.add(getRedactedUri(uri)); |
| } |
| |
| return redactedUris; |
| } |
| |
| @Override |
| public Bundle call(String method, String arg, Bundle extras) { |
| Trace.beginSection("call"); |
| try { |
| return callInternal(method, arg, extras); |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| private Bundle callInternal(String method, String arg, Bundle extras) { |
| switch (method) { |
| case MediaStore.RESOLVE_PLAYLIST_MEMBERS_CALL: { |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| final CallingIdentity providerToken = clearCallingIdentity(); |
| try { |
| final Uri playlistUri = extras.getParcelable(MediaStore.EXTRA_URI); |
| resolvePlaylistMembers(playlistUri); |
| } finally { |
| restoreCallingIdentity(providerToken); |
| restoreLocalCallingIdentity(token); |
| } |
| return null; |
| } |
| case MediaStore.RUN_IDLE_MAINTENANCE_CALL: { |
| // Protect ourselves from random apps by requiring a generic |
| // permission held by common debugging components, such as shell |
| getContext().enforceCallingOrSelfPermission( |
| android.Manifest.permission.DUMP, TAG); |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| final CallingIdentity providerToken = clearCallingIdentity(); |
| try { |
| onIdleMaintenance(new CancellationSignal()); |
| } finally { |
| restoreCallingIdentity(providerToken); |
| restoreLocalCallingIdentity(token); |
| } |
| return null; |
| } |
| case MediaStore.WAIT_FOR_IDLE_CALL: { |
| // TODO(b/195009139): Remove after overriding wait for idle in test to sync picker |
| // Syncing the picker while waiting for idle fixes tests with the picker db |
| // flag enabled because the picker db is in a consistent state with the external |
| // db after the sync |
| syncAllMedia(); |
| ForegroundThread.waitForIdle(); |
| final CountDownLatch latch = new CountDownLatch(1); |
| BackgroundThread.getExecutor().execute(() -> { |
| latch.countDown(); |
| }); |
| try { |
| latch.await(30, TimeUnit.SECONDS); |
| } catch (InterruptedException e) { |
| throw new IllegalStateException(e); |
| } |
| return null; |
| } |
| case MediaStore.SCAN_FILE_CALL: |
| case MediaStore.SCAN_VOLUME_CALL: { |
| final int userId = uidToUserId(Binder.getCallingUid()); |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| final CallingIdentity providerToken = clearCallingIdentity(); |
| try { |
| final Bundle res = new Bundle(); |
| switch (method) { |
| case MediaStore.SCAN_FILE_CALL: { |
| final File file = new File(arg); |
| res.putParcelable(Intent.EXTRA_STREAM, scanFile(file, REASON_DEMAND)); |
| break; |
| } |
| case MediaStore.SCAN_VOLUME_CALL: { |
| final String volumeName = arg; |
| try { |
| MediaVolume volume = mVolumeCache.findVolume(volumeName, |
| UserHandle.of(userId)); |
| MediaService.onScanVolume(getContext(), volume, REASON_DEMAND); |
| } catch (FileNotFoundException e) { |
| Log.w(TAG, "Failed to find volume " + volumeName, e); |
| } |
| break; |
| } |
| } |
| return res; |
| } catch (IOException e) { |
| throw new RuntimeException(e); |
| } finally { |
| restoreCallingIdentity(providerToken); |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| case MediaStore.GET_VERSION_CALL: { |
| final String volumeName = extras.getString(Intent.EXTRA_TEXT); |
| |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(MediaStore.Files.getContentUri(volumeName)); |
| } catch (VolumeNotFoundException e) { |
| throw e.rethrowAsIllegalArgumentException(); |
| } |
| |
| final String version = helper.runWithoutTransaction((db) -> { |
| return db.getVersion() + ":" + DatabaseHelper.getOrCreateUuid(db); |
| }); |
| |
| final Bundle res = new Bundle(); |
| res.putString(Intent.EXTRA_TEXT, version); |
| return res; |
| } |
| case MediaStore.GET_GENERATION_CALL: { |
| final String volumeName = extras.getString(Intent.EXTRA_TEXT); |
| |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(MediaStore.Files.getContentUri(volumeName)); |
| } catch (VolumeNotFoundException e) { |
| throw e.rethrowAsIllegalArgumentException(); |
| } |
| |
| final long generation = helper.runWithoutTransaction((db) -> { |
| return DatabaseHelper.getGeneration(db); |
| }); |
| |
| final Bundle res = new Bundle(); |
| res.putLong(Intent.EXTRA_INDEX, generation); |
| return res; |
| } |
| case MediaStore.GET_DOCUMENT_URI_CALL: { |
| final Uri mediaUri = extras.getParcelable(MediaStore.EXTRA_URI); |
| enforceCallingPermission(mediaUri, extras, false); |
| |
| final Uri fileUri; |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try { |
| fileUri = Uri.fromFile(queryForDataFile(mediaUri, null)); |
| } catch (FileNotFoundException e) { |
| throw new IllegalArgumentException(e); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| |
| try (ContentProviderClient client = getContext().getContentResolver() |
| .acquireUnstableContentProviderClient( |
| getExternalStorageProviderAuthority())) { |
| extras.putParcelable(MediaStore.EXTRA_URI, fileUri); |
| return client.call(method, null, extras); |
| } catch (RemoteException e) { |
| throw new IllegalStateException(e); |
| } |
| } |
| case MediaStore.GET_MEDIA_URI_CALL: { |
| final Uri documentUri = extras.getParcelable(MediaStore.EXTRA_URI); |
| getContext().enforceCallingUriPermission(documentUri, |
| Intent.FLAG_GRANT_READ_URI_PERMISSION, TAG); |
| |
| final int callingPid = mCallingIdentity.get().pid; |
| final int callingUid = mCallingIdentity.get().uid; |
| final String callingPackage = getCallingPackage(); |
| final CallingIdentity token = clearCallingIdentity(); |
| final String authority = documentUri.getAuthority(); |
| |
| if (!authority.equals(MediaDocumentsProvider.AUTHORITY) && |
| !authority.equals(DocumentsContract.EXTERNAL_STORAGE_PROVIDER_AUTHORITY)) { |
| throw new IllegalArgumentException("Provider for this Uri is not supported."); |
| } |
| |
| try (ContentProviderClient client = getContext().getContentResolver() |
| .acquireUnstableContentProviderClient(authority)) { |
| final Bundle clientRes = client.call(method, null, extras); |
| final Uri fileUri = clientRes.getParcelable(MediaStore.EXTRA_URI); |
| final Bundle res = new Bundle(); |
| final Uri mediaStoreUri = fileUri.getAuthority().equals(MediaStore.AUTHORITY) ? |
| fileUri : queryForMediaUri(new File(fileUri.getPath()), null); |
| copyUriPermissionGrants(documentUri, mediaStoreUri, callingPid, |
| callingUid, callingPackage); |
| res.putParcelable(MediaStore.EXTRA_URI, mediaStoreUri); |
| return res; |
| } catch (FileNotFoundException e) { |
| throw new IllegalArgumentException(e); |
| } catch (RemoteException e) { |
| throw new IllegalStateException(e); |
| } finally { |
| restoreCallingIdentity(token); |
| } |
| } |
| case MediaStore.GET_REDACTED_MEDIA_URI_CALL: { |
| final Uri uri = extras.getParcelable(MediaStore.EXTRA_URI); |
| // NOTE: It is ok to update the DB and return a redacted URI for the cases when |
| // the user code only has read access, hence we don't check for write permission. |
| enforceCallingPermission(uri, Bundle.EMPTY, false); |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try { |
| final Bundle res = new Bundle(); |
| res.putParcelable(MediaStore.EXTRA_URI, getRedactedUri(uri)); |
| return res; |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| case MediaStore.GET_REDACTED_MEDIA_URI_LIST_CALL: { |
| final List<Uri> uris = extras.getParcelableArrayList(MediaStore.EXTRA_URI_LIST); |
| // NOTE: It is ok to update the DB and return a redacted URI for the cases when |
| // the user code only has read access, hence we don't check for write permission. |
| enforceCallingPermission(uris, false); |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try { |
| final Bundle res = new Bundle(); |
| res.putParcelableArrayList(MediaStore.EXTRA_URI_LIST, |
| (ArrayList<? extends Parcelable>) getRedactedUri(uris)); |
| return res; |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| case MediaStore.CREATE_WRITE_REQUEST_CALL: |
| case MediaStore.CREATE_FAVORITE_REQUEST_CALL: |
| case MediaStore.CREATE_TRASH_REQUEST_CALL: |
| case MediaStore.CREATE_DELETE_REQUEST_CALL: { |
| final PendingIntent pi = createRequest(method, extras); |
| final Bundle res = new Bundle(); |
| res.putParcelable(MediaStore.EXTRA_RESULT, pi); |
| return res; |
| } |
| case MediaStore.IS_SYSTEM_GALLERY_CALL: |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try { |
| String packageName = arg; |
| int uid = extras.getInt(MediaStore.EXTRA_IS_SYSTEM_GALLERY_UID); |
| boolean isSystemGallery = PermissionUtils.checkWriteImagesOrVideoAppOps( |
| getContext(), uid, packageName, getContext().getAttributionTag()); |
| Bundle res = new Bundle(); |
| res.putBoolean(MediaStore.EXTRA_IS_SYSTEM_GALLERY_RESPONSE, isSystemGallery); |
| return res; |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| case MediaStore.SET_CLOUD_PROVIDER_CALL: { |
| // TODO(b/190713331): Remove after initial development |
| final String cloudProvider = extras.getString(MediaStore.EXTRA_CLOUD_PROVIDER); |
| Log.i(TAG, "Test initiated cloud provider switch: " + cloudProvider); |
| mPickerSyncController.forceSetCloudProvider(cloudProvider); |
| // fall-through |
| } |
| case MediaStore.SYNC_PROVIDERS_CALL: { |
| syncAllMedia(); |
| return new Bundle(); |
| } |
| case MediaStore.IS_SUPPORTED_CLOUD_PROVIDER_CALL: { |
| final boolean isSupported = mPickerSyncController.isProviderSupported(arg, |
| Binder.getCallingUid()); |
| |
| Bundle bundle = new Bundle(); |
| bundle.putBoolean(MediaStore.EXTRA_CLOUD_PROVIDER_RESULT, isSupported); |
| return bundle; |
| } |
| case MediaStore.IS_CURRENT_CLOUD_PROVIDER_CALL: { |
| final boolean isEnabled = mPickerSyncController.isProviderEnabled(arg, |
| Binder.getCallingUid()); |
| |
| Bundle bundle = new Bundle(); |
| bundle.putBoolean(MediaStore.EXTRA_CLOUD_PROVIDER_RESULT, isEnabled); |
| return bundle; |
| } |
| case MediaStore.NOTIFY_CLOUD_MEDIA_CHANGED_EVENT_CALL: { |
| final boolean notifyCloudEventResult; |
| if (mPickerSyncController.isProviderEnabled(arg, Binder.getCallingUid())) { |
| mPickerSyncController.notifyMediaEvent(); |
| notifyCloudEventResult = true; |
| } else { |
| notifyCloudEventResult = false; |
| } |
| |
| Bundle bundle = new Bundle(); |
| bundle.putBoolean(MediaStore.EXTRA_CLOUD_PROVIDER_RESULT, |
| notifyCloudEventResult); |
| return bundle; |
| } |
| case MediaStore.USES_FUSE_PASSTHROUGH: { |
| boolean isEnabled = false; |
| try { |
| FuseDaemon daemon = getFuseDaemonForFile(new File(arg)); |
| if (daemon != null) { |
| isEnabled = daemon.usesFusePassthrough(); |
| } |
| } catch (FileNotFoundException e) { |
| } |
| |
| Bundle bundle = new Bundle(); |
| bundle.putBoolean(MediaStore.USES_FUSE_PASSTHROUGH_RESULT, isEnabled); |
| return bundle; |
| } |
| default: |
| throw new UnsupportedOperationException("Unsupported call: " + method); |
| } |
| } |
| |
| private void syncAllMedia() { |
| // Clear the binder calling identity so that we can sync the unexported |
| // local_provider while running as MediaProvider |
| final long t = Binder.clearCallingIdentity(); |
| try { |
| Log.v(TAG, "Test initiated cloud provider sync"); |
| mPickerSyncController.syncAllMedia(); |
| } finally { |
| Binder.restoreCallingIdentity(t); |
| } |
| } |
| |
| private AssetFileDescriptor getOriginalMediaFormatFileDescriptor(Bundle extras) |
| throws FileNotFoundException { |
| try (ParcelFileDescriptor inputPfd = |
| extras.getParcelable(MediaStore.EXTRA_FILE_DESCRIPTOR)) { |
| File file = getFileFromFileDescriptor(inputPfd); |
| // Convert from FUSE file to lower fs file because the supportsTranscode() check below |
| // expects a lower fs file format |
| file = fromFuseFile(file); |
| if (!mTranscodeHelper.supportsTranscode(file.getPath())) { |
| // Note that we should be checking if a file is a modern format and not just |
| // that it supports transcoding, unfortunately, checking modern format |
| // requires either a db query or media scan which can lead to ANRs if apps |
| // or the system implicitly call this method as part of a |
| // MediaPlayer#setDataSource. |
| throw new FileNotFoundException("Input file descriptor is already original"); |
| } |
| |
| FuseDaemon fuseDaemon = getFuseDaemonForFile(file); |
| int uid = Binder.getCallingUid(); |
| |
| FdAccessResult result = fuseDaemon.checkFdAccess(inputPfd, uid); |
| if (!result.isSuccess()) { |
| throw new FileNotFoundException("Invalid path for original media format file"); |
| } |
| |
| String outputPath = result.filePath; |
| boolean shouldRedact = result.shouldRedact; |
| |
| int posixMode = Os.fcntlInt(inputPfd.getFileDescriptor(), F_GETFL, |
| 0 /* args */); |
| int modeBits = FileUtils.translateModePosixToPfd(posixMode); |
| |
| ParcelFileDescriptor pfd = openWithFuse(outputPath, uid, 0 /* mediaCapabilitiesUid */, |
| modeBits, shouldRedact, false /* shouldTranscode */, |
| 0 /* transcodeReason */); |
| return new AssetFileDescriptor(pfd, 0, AssetFileDescriptor.UNKNOWN_LENGTH); |
| } catch (IOException e) { |
| throw new FileNotFoundException("Failed to fetch original file descriptor"); |
| } catch (ErrnoException e) { |
| Log.w(TAG, "Failed to fetch access mode for file descriptor", e); |
| throw new FileNotFoundException("Failed to fetch access mode for file descriptor"); |
| } |
| } |
| |
| /** |
| * Grant similar read/write access for mediaStoreUri as the caller has for documentsUri. |
| * |
| * Note: This function assumes that read permission check for documentsUri is already enforced. |
| * Note: This function currently does not check/grant for persisted Uris. Support for this can |
| * be added eventually, but the calling application will have to call |
| * ContentResolver#takePersistableUriPermission(Uri, int) for the mediaStoreUri to persist. |
| * |
| * @param documentsUri DocumentsProvider format content Uri |
| * @param mediaStoreUri MediaStore format content Uri |
| * @param callingPid pid of the caller |
| * @param callingUid uid of the caller |
| * @param callingPackage package name of the caller |
| */ |
| private void copyUriPermissionGrants(Uri documentsUri, Uri mediaStoreUri, |
| int callingPid, int callingUid, String callingPackage) { |
| // No need to check for read permission, as we enforce it already. |
| int modeFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION; |
| if (getContext().checkUriPermission(documentsUri, callingPid, callingUid, |
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION) == PERMISSION_GRANTED) { |
| modeFlags |= Intent.FLAG_GRANT_WRITE_URI_PERMISSION; |
| } |
| getContext().grantUriPermission(callingPackage, mediaStoreUri, modeFlags); |
| } |
| |
| static List<Uri> collectUris(ClipData clipData) { |
| final ArrayList<Uri> res = new ArrayList<>(); |
| for (int i = 0; i < clipData.getItemCount(); i++) { |
| res.add(clipData.getItemAt(i).getUri()); |
| } |
| return res; |
| } |
| |
| /** |
| * Return the filesystem path of the real file on disk that is represented |
| * by the given {@link ParcelFileDescriptor}. |
| * |
| * Note that the file may be a FUSE or lower fs file and depending on the purpose might need |
| * to be converted with {@link FileUtils#toFuseFile} or {@link FileUtils#fromFuseFile}. |
| * |
| * Copied from {@link ParcelFileDescriptor#getFile} |
| */ |
| private static File getFileFromFileDescriptor(ParcelFileDescriptor fileDescriptor) |
| throws IOException { |
| try { |
| final String path = Os.readlink("/proc/self/fd/" + fileDescriptor.getFd()); |
| if (OsConstants.S_ISREG(Os.stat(path).st_mode)) { |
| return new File(path); |
| } else { |
| throw new IOException("Not a regular file: " + path); |
| } |
| } catch (ErrnoException e) { |
| throw e.rethrowAsIOException(); |
| } |
| } |
| |
| /** |
| * Generate the {@link PendingIntent} for the given grant request. This |
| * method also checks the incoming arguments for security purposes |
| * before creating the privileged {@link PendingIntent}. |
| */ |
| private @NonNull PendingIntent createRequest(@NonNull String method, @NonNull Bundle extras) { |
| final ClipData clipData = extras.getParcelable(MediaStore.EXTRA_CLIP_DATA); |
| final List<Uri> uris = collectUris(clipData); |
| |
| for (Uri uri : uris) { |
| final int match = matchUri(uri, false); |
| switch (match) { |
| case IMAGES_MEDIA_ID: |
| case AUDIO_MEDIA_ID: |
| case VIDEO_MEDIA_ID: |
| case AUDIO_PLAYLISTS_ID: |
| // Caller is requesting a specific media item by its ID, |
| // which means it's valid for requests |
| break; |
| case FILES_ID: |
| // Allow only subtitle files |
| if (!isSubtitleFile(uri)) { |
| throw new IllegalArgumentException( |
| "All requested items must be Media items"); |
| } |
| break; |
| default: |
| throw new IllegalArgumentException( |
| "All requested items must be referenced by specific ID"); |
| } |
| } |
| |
| // Enforce that limited set of columns can be mutated |
| final ContentValues values = extras.getParcelable(MediaStore.EXTRA_CONTENT_VALUES); |
| final List<String> allowedColumns; |
| switch (method) { |
| case MediaStore.CREATE_FAVORITE_REQUEST_CALL: |
| allowedColumns = Arrays.asList( |
| MediaColumns.IS_FAVORITE); |
| break; |
| case MediaStore.CREATE_TRASH_REQUEST_CALL: |
| allowedColumns = Arrays.asList( |
| MediaColumns.IS_TRASHED); |
| break; |
| default: |
| allowedColumns = Arrays.asList(); |
| break; |
| } |
| if (values != null) { |
| for (String key : values.keySet()) { |
| if (!allowedColumns.contains(key)) { |
| throw new IllegalArgumentException("Invalid column " + key); |
| } |
| } |
| } |
| |
| final Context context = getContext(); |
| final Intent intent = new Intent(method, null, context, PermissionActivity.class); |
| intent.putExtras(extras); |
| return PendingIntent.getActivity(context, PermissionActivity.REQUEST_CODE, intent, |
| FLAG_ONE_SHOT | FLAG_CANCEL_CURRENT | FLAG_IMMUTABLE); |
| } |
| |
| /** |
| * @return true if the given Files uri has media_type=MEDIA_TYPE_SUBTITLE |
| */ |
| private boolean isSubtitleFile(Uri uri) { |
| final LocalCallingIdentity tokenInner = clearLocalCallingIdentity(); |
| try (Cursor cursor = queryForSingleItem(uri, new String[]{FileColumns.MEDIA_TYPE}, null, |
| null, null)) { |
| return cursor.getInt(0) == FileColumns.MEDIA_TYPE_SUBTITLE; |
| } catch (FileNotFoundException e) { |
| Log.e(TAG, "Couldn't find database row for requested uri " + uri, e); |
| } finally { |
| restoreLocalCallingIdentity(tokenInner); |
| } |
| return false; |
| } |
| |
| /** |
| * Ensure that all local databases have a custom collator registered for the |
| * given {@link ULocale} locale. |
| * |
| * @return the corresponding custom collation name to be used in |
| * {@code ORDER BY} clauses. |
| */ |
| private @NonNull String ensureCustomCollator(@NonNull String locale) { |
| // Quick check that requested locale looks reasonable |
| new ULocale(locale); |
| |
| final String collationName = "custom_" + locale.replaceAll("[^a-zA-Z]", ""); |
| synchronized (mCustomCollators) { |
| if (!mCustomCollators.contains(collationName)) { |
| for (DatabaseHelper helper : new DatabaseHelper[] { |
| mInternalDatabase, |
| mExternalDatabase |
| }) { |
| helper.runWithoutTransaction((db) -> { |
| db.execPerConnectionSQL("SELECT icu_load_collation(?, ?);", |
| new String[] { locale, collationName }); |
| return null; |
| }); |
| } |
| mCustomCollators.add(collationName); |
| } |
| } |
| return collationName; |
| } |
| |
| private int pruneThumbnails(@NonNull SQLiteDatabase db, @NonNull CancellationSignal signal) { |
| int prunedCount = 0; |
| |
| // Determine all known media items |
| final LongArray knownIds = new LongArray(); |
| try (Cursor c = db.query(true, "files", new String[] { BaseColumns._ID }, |
| null, null, null, null, null, null, signal)) { |
| while (c.moveToNext()) { |
| knownIds.add(c.getLong(0)); |
| } |
| } |
| |
| final long[] knownIdsRaw = knownIds.toArray(); |
| Arrays.sort(knownIdsRaw); |
| |
| for (MediaVolume volume : mVolumeCache.getExternalVolumes()) { |
| final List<File> thumbDirs; |
| try { |
| thumbDirs = getThumbnailDirectories(volume); |
| } catch (FileNotFoundException e) { |
| Log.w(TAG, "Failed to resolve volume " + volume.getName(), e); |
| continue; |
| } |
| |
| // Reconcile all thumbnails, deleting stale items |
| for (File thumbDir : thumbDirs) { |
| // Possibly bail before digging into each directory |
| signal.throwIfCanceled(); |
| |
| final File[] files = thumbDir.listFiles(); |
| for (File thumbFile : (files != null) ? files : new File[0]) { |
| if (Objects.equals(thumbFile.getName(), FILE_DATABASE_UUID)) continue; |
| final String name = FileUtils.extractFileName(thumbFile.getName()); |
| try { |
| final long id = Long.parseLong(name); |
| if (Arrays.binarySearch(knownIdsRaw, id) >= 0) { |
| // Thumbnail belongs to known media, keep it |
| continue; |
| } |
| } catch (NumberFormatException e) { |
| } |
| |
| Log.v(TAG, "Deleting stale thumbnail " + thumbFile); |
| deleteAndInvalidate(thumbFile); |
| prunedCount++; |
| } |
| } |
| } |
| |
| // Also delete stale items from legacy tables |
| db.execSQL("delete from thumbnails " |
| + "where image_id not in (select _id from images)"); |
| db.execSQL("delete from videothumbnails " |
| + "where video_id not in (select _id from video)"); |
| |
| return prunedCount; |
| } |
| |
| abstract class Thumbnailer { |
| final String directoryName; |
| |
| public Thumbnailer(String directoryName) { |
| this.directoryName = directoryName; |
| } |
| |
| private File getThumbnailFile(Uri uri) throws IOException { |
| final String volumeName = resolveVolumeName(uri); |
| final File volumePath = getVolumePath(volumeName); |
| return FileUtils.buildPath(volumePath, directoryName, |
| DIRECTORY_THUMBNAILS, ContentUris.parseId(uri) + ".jpg"); |
| } |
| |
| public abstract Bitmap getThumbnailBitmap(Uri uri, CancellationSignal signal) |
| throws IOException; |
| |
| public ParcelFileDescriptor ensureThumbnail(Uri uri, CancellationSignal signal) |
| throws IOException { |
| // First attempt to fast-path by opening the thumbnail; if it |
| // doesn't exist we fall through to create it below |
| final File thumbFile = getThumbnailFile(uri); |
| try { |
| return FileUtils.openSafely(thumbFile, |
| ParcelFileDescriptor.MODE_READ_ONLY); |
| } catch (FileNotFoundException ignored) { |
| } |
| |
| final File thumbDir = thumbFile.getParentFile(); |
| thumbDir.mkdirs(); |
| |
| // When multiple threads race for the same thumbnail, the second |
| // thread could return a file with a thumbnail still in |
| // progress. We could add heavy per-ID locking to mitigate this |
| // rare race condition, but it's simpler to have both threads |
| // generate the same thumbnail using temporary files and rename |
| // them into place once finished. |
| final File thumbTempFile = File.createTempFile("thumb", null, thumbDir); |
| |
| ParcelFileDescriptor thumbWrite = null; |
| ParcelFileDescriptor thumbRead = null; |
| try { |
| // Open our temporary file twice: once for local writing, and |
| // once for remote reading. Both FDs point at the same |
| // underlying inode on disk, so they're stable across renames |
| // to avoid race conditions between threads. |
| thumbWrite = FileUtils.openSafely(thumbTempFile, |
| ParcelFileDescriptor.MODE_WRITE_ONLY | ParcelFileDescriptor.MODE_CREATE); |
| thumbRead = FileUtils.openSafely(thumbTempFile, |
| ParcelFileDescriptor.MODE_READ_ONLY); |
| |
| final Bitmap thumbnail = getThumbnailBitmap(uri, signal); |
| thumbnail.compress(Bitmap.CompressFormat.JPEG, 90, |
| new FileOutputStream(thumbWrite.getFileDescriptor())); |
| |
| try { |
| // Use direct syscall for better failure logs |
| Os.rename(thumbTempFile.getAbsolutePath(), thumbFile.getAbsolutePath()); |
| } catch (ErrnoException e) { |
| e.rethrowAsIOException(); |
| } |
| |
| // Everything above went peachy, so return a duplicate of our |
| // already-opened read FD to keep our finally logic below simple |
| return thumbRead.dup(); |
| |
| } finally { |
| // Regardless of success or failure, try cleaning up any |
| // remaining temporary file and close all our local FDs |
| FileUtils.closeQuietly(thumbWrite); |
| FileUtils.closeQuietly(thumbRead); |
| deleteAndInvalidate(thumbTempFile); |
| } |
| } |
| |
| public void invalidateThumbnail(Uri uri) throws IOException { |
| deleteAndInvalidate(getThumbnailFile(uri)); |
| } |
| } |
| |
| private Thumbnailer mAudioThumbnailer = new Thumbnailer(Environment.DIRECTORY_MUSIC) { |
| @Override |
| public Bitmap getThumbnailBitmap(Uri uri, CancellationSignal signal) throws IOException { |
| return ThumbnailUtils.createAudioThumbnail(queryForDataFile(uri, signal), |
| mThumbSize, signal); |
| } |
| }; |
| |
| private Thumbnailer mVideoThumbnailer = new Thumbnailer(Environment.DIRECTORY_MOVIES) { |
| @Override |
| public Bitmap getThumbnailBitmap(Uri uri, CancellationSignal signal) throws IOException { |
| return ThumbnailUtils.createVideoThumbnail(queryForDataFile(uri, signal), |
| mThumbSize, signal); |
| } |
| }; |
| |
| private Thumbnailer mImageThumbnailer = new Thumbnailer(Environment.DIRECTORY_PICTURES) { |
| @Override |
| public Bitmap getThumbnailBitmap(Uri uri, CancellationSignal signal) throws IOException { |
| return ThumbnailUtils.createImageThumbnail(queryForDataFile(uri, signal), |
| mThumbSize, signal); |
| } |
| }; |
| |
| private List<File> getThumbnailDirectories(MediaVolume volume) throws FileNotFoundException { |
| final File volumePath = volume.getPath(); |
| return Arrays.asList( |
| FileUtils.buildPath(volumePath, Environment.DIRECTORY_MUSIC, DIRECTORY_THUMBNAILS), |
| FileUtils.buildPath(volumePath, Environment.DIRECTORY_MOVIES, DIRECTORY_THUMBNAILS), |
| FileUtils.buildPath(volumePath, Environment.DIRECTORY_PICTURES, |
| DIRECTORY_THUMBNAILS)); |
| } |
| |
| private void invalidateThumbnails(Uri uri) { |
| Trace.beginSection("invalidateThumbnails"); |
| try { |
| invalidateThumbnailsInternal(uri); |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| private void invalidateThumbnailsInternal(Uri uri) { |
| final long id = ContentUris.parseId(uri); |
| try { |
| mAudioThumbnailer.invalidateThumbnail(uri); |
| mVideoThumbnailer.invalidateThumbnail(uri); |
| mImageThumbnailer.invalidateThumbnail(uri); |
| } catch (IOException ignored) { |
| } |
| |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(uri); |
| } catch (VolumeNotFoundException e) { |
| Log.w(TAG, e); |
| return; |
| } |
| |
| helper.runWithTransaction((db) -> { |
| final String idString = Long.toString(id); |
| try (Cursor c = db.rawQuery("select _data from thumbnails where image_id=?" |
| + " union all select _data from videothumbnails where video_id=?", |
| new String[] { idString, idString })) { |
| while (c.moveToNext()) { |
| String path = c.getString(0); |
| deleteIfAllowed(uri, Bundle.EMPTY, path); |
| } |
| } |
| |
| db.execSQL("delete from thumbnails where image_id=?", new String[] { idString }); |
| db.execSQL("delete from videothumbnails where video_id=?", new String[] { idString }); |
| return null; |
| }); |
| } |
| |
| /** |
| * @deprecated all operations should be routed through the overload that |
| * accepts a {@link Bundle} of extras. |
| */ |
| @Override |
| @Deprecated |
| public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) { |
| return update(uri, values, |
| DatabaseUtils.createSqlQueryBundle(selection, selectionArgs, null)); |
| } |
| |
| @Override |
| public int update(@NonNull Uri uri, @Nullable ContentValues values, |
| @Nullable Bundle extras) { |
| Trace.beginSection("update"); |
| try { |
| return updateInternal(uri, values, extras); |
| } catch (FallbackException e) { |
| return e.translateForUpdateDelete(getCallingPackageTargetSdkVersion()); |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| private int updateInternal(@NonNull Uri uri, @Nullable ContentValues initialValues, |
| @Nullable Bundle extras) throws FallbackException { |
| final String volumeName = getVolumeName(uri); |
| PulledMetrics.logVolumeAccessViaMediaProvider(getCallingUidOrSelf(), volumeName); |
| |
| extras = (extras != null) ? extras : new Bundle(); |
| // REDACTED_URI_BUNDLE_KEY extra should only be set inside MediaProvider. |
| extras.remove(QUERY_ARG_REDACTED_URI); |
| |
| if (isRedactedUri(uri)) { |
| // we don't support update on redacted uris. |
| return 0; |
| } |
| |
| // Related items are only considered for new media creation, and they |
| // can't be leveraged to move existing content into blocked locations |
| extras.remove(QUERY_ARG_RELATED_URI); |
| // INCLUDED_DEFAULT_DIRECTORIES extra should only be set inside MediaProvider. |
| extras.remove(INCLUDED_DEFAULT_DIRECTORIES); |
| |
| final String userWhere = extras.getString(QUERY_ARG_SQL_SELECTION); |
| final String[] userWhereArgs = extras.getStringArray(QUERY_ARG_SQL_SELECTION_ARGS); |
| |
| // Limit the hacky workaround to camera targeting Q and below, to allow newer versions |
| // of camera that does the right thing to work correctly. |
| if ("com.google.android.GoogleCamera".equals(getCallingPackageOrSelf()) |
| && getCallingPackageTargetSdkVersion() <= Build.VERSION_CODES.Q) { |
| if (matchUri(uri, false) == IMAGES_MEDIA_ID) { |
| Log.w(TAG, "Working around app bug in b/111966296"); |
| uri = MediaStore.Files.getContentUri("external", ContentUris.parseId(uri)); |
| } else if (matchUri(uri, false) == VIDEO_MEDIA_ID) { |
| Log.w(TAG, "Working around app bug in b/112246630"); |
| uri = MediaStore.Files.getContentUri("external", ContentUris.parseId(uri)); |
| } |
| } |
| |
| uri = safeUncanonicalize(uri); |
| |
| int count; |
| |
| final int targetSdkVersion = getCallingPackageTargetSdkVersion(); |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final int match = matchUri(uri, allowHidden); |
| final DatabaseHelper helper = getDatabaseForUri(uri); |
| |
| switch (match) { |
| case AUDIO_PLAYLISTS_ID_MEMBERS_ID: |
| extras.putString(QUERY_ARG_SQL_SELECTION, |
| BaseColumns._ID + "=" + uri.getPathSegments().get(5)); |
| // fall-through |
| case AUDIO_PLAYLISTS_ID_MEMBERS: { |
| final long playlistId = Long.parseLong(uri.getPathSegments().get(3)); |
| final Uri playlistUri = ContentUris.withAppendedId( |
| MediaStore.Audio.Playlists.getContentUri(volumeName), playlistId); |
| if (uri.getBooleanQueryParameter("move", false)) { |
| // Convert explicit request into query; sigh, moveItem() |
| // uses zero-based indexing instead of one-based indexing |
| final int from = Integer.parseInt(uri.getPathSegments().get(5)) + 1; |
| final int to = initialValues.getAsInteger(Playlists.Members.PLAY_ORDER) + 1; |
| extras.putString(QUERY_ARG_SQL_SELECTION, |
| Playlists.Members.PLAY_ORDER + "=" + from); |
| initialValues.put(Playlists.Members.PLAY_ORDER, to); |
| } |
| |
| // Playlist contents are always persisted directly into playlist |
| // files on disk to ensure that we can reliably migrate between |
| // devices and recover from database corruption |
| final int index; |
| if (initialValues.containsKey(Playlists.Members.PLAY_ORDER)) { |
| index = movePlaylistMembers(playlistUri, initialValues, extras); |
| } else { |
| index = resolvePlaylistIndex(playlistUri, extras); |
| } |
| if (initialValues.containsKey(Playlists.Members.AUDIO_ID)) { |
| final Bundle queryArgs = new Bundle(); |
| queryArgs.putString(QUERY_ARG_SQL_SELECTION, |
| Playlists.Members.PLAY_ORDER + "=" + (index + 1)); |
| removePlaylistMembers(playlistUri, queryArgs); |
| |
| final ContentValues values = new ContentValues(); |
| values.put(Playlists.Members.AUDIO_ID, |
| initialValues.getAsString(Playlists.Members.AUDIO_ID)); |
| values.put(Playlists.Members.PLAY_ORDER, (index + 1)); |
| addPlaylistMembers(playlistUri, values); |
| } |
| |
| acceptWithExpansion(helper::notifyUpdate, volumeName, playlistId, |
| FileColumns.MEDIA_TYPE_PLAYLIST, false); |
| return 1; |
| } |
| } |
| |
| final SQLiteQueryBuilder qb = getQueryBuilder(TYPE_UPDATE, match, uri, extras, null); |
| |
| // Give callers interacting with a specific media item a chance to |
| // escalate access if they don't already have it |
| switch (match) { |
| case AUDIO_MEDIA_ID: |
| case VIDEO_MEDIA_ID: |
| case IMAGES_MEDIA_ID: |
| enforceCallingPermission(uri, extras, true); |
| } |
| |
| boolean triggerInvalidate = false; |
| boolean triggerScan = false; |
| boolean isUriPublished = false; |
| if (initialValues != null) { |
| // IDs are forever; nobody should be editing them |
| initialValues.remove(MediaColumns._ID); |
| |
| // Expiration times are hard-coded; let's derive them |
| FileUtils.computeDateExpires(initialValues); |
| |
| // Ignore or augment incoming raw filesystem paths |
| for (String column : sDataColumns.keySet()) { |
| if (!initialValues.containsKey(column)) continue; |
| |
| if (isCallingPackageSelf() || isCallingPackageLegacyWrite()) { |
| // Mutation allowed |
| } else { |
| Log.w(TAG, "Ignoring mutation of " + column + " from " |
| + getCallingPackageOrSelf()); |
| initialValues.remove(column); |
| } |
| } |
| |
| // Enforce allowed ownership transfers |
| if (initialValues.containsKey(MediaColumns.OWNER_PACKAGE_NAME)) { |
| if (isCallingPackageSelf() || isCallingPackageShell()) { |
| // When the caller is the media scanner or the shell, we let |
| // them change ownership however they see fit; nothing to do |
| } else if (isCallingPackageDelegator()) { |
| // When the caller is a delegator, allow them to shift |
| // ownership only when current owner, or when ownerless |
| final String currentOwner; |
| final String proposedOwner = initialValues |
| .getAsString(MediaColumns.OWNER_PACKAGE_NAME); |
| final Uri genericUri = MediaStore.Files.getContentUri(volumeName, |
| ContentUris.parseId(uri)); |
| try (Cursor c = queryForSingleItem(genericUri, |
| new String[] { MediaColumns.OWNER_PACKAGE_NAME }, null, null, null)) { |
| currentOwner = c.getString(0); |
| } catch (FileNotFoundException e) { |
| throw new IllegalStateException(e); |
| } |
| final boolean transferAllowed = (currentOwner == null) |
| || Arrays.asList(getSharedPackagesForPackage(getCallingPackageOrSelf())) |
| .contains(currentOwner); |
| if (transferAllowed) { |
| Log.v(TAG, "Ownership transfer from " + currentOwner + " to " |
| + proposedOwner + " allowed"); |
| } else { |
| Log.w(TAG, "Ownership transfer from " + currentOwner + " to " |
| + proposedOwner + " blocked"); |
| initialValues.remove(MediaColumns.OWNER_PACKAGE_NAME); |
| } |
| } else { |
| // Otherwise no ownership changes are allowed |
| initialValues.remove(MediaColumns.OWNER_PACKAGE_NAME); |
| } |
| } |
| |
| if (!isCallingPackageSelf()) { |
| Trace.beginSection("filter"); |
| |
| // We default to filtering mutable columns, except when we know |
| // the single item being updated is pending; when it's finally |
| // published we'll overwrite these values. |
| final Uri finalUri = uri; |
| final Supplier<Boolean> isPending = new CachedSupplier<>(() -> { |
| return isPending(finalUri); |
| }); |
| |
| // Column values controlled by media scanner aren't writable by |
| // apps, since any edits here don't reflect the metadata on |
| // disk, and they'd be overwritten during a rescan. |
| for (String column : new ArraySet<>(initialValues.keySet())) { |
| if (sMutableColumns.contains(column)) { |
| // Mutation normally allowed |
| } else if (isPending.get()) { |
| // Mutation relaxed while pending |
| } else { |
| Log.w(TAG, "Ignoring mutation of " + column + " from " |
| + getCallingPackageOrSelf()); |
| initialValues.remove(column); |
| triggerScan = true; |
| } |
| |
| // If we're publishing this item, perform a blocking scan to |
| // make sure metadata is updated |
| if (MediaColumns.IS_PENDING.equals(column)) { |
| triggerScan = true; |
| isUriPublished = true; |
| // Explicitly clear columns used to ignore no-op scans, |
| // since we need to force a scan on publish |
| initialValues.putNull(MediaColumns.DATE_MODIFIED); |
| initialValues.putNull(MediaColumns.SIZE); |
| } |
| } |
| |
| Trace.endSection(); |
| } |
| |
| if ("files".equals(qb.getTables())) { |
| maybeMarkAsDownload(initialValues); |
| } |
| |
| // We no longer track location metadata |
| if (initialValues.containsKey(ImageColumns.LATITUDE)) { |
| initialValues.putNull(ImageColumns.LATITUDE); |
| } |
| if (initialValues.containsKey(ImageColumns.LONGITUDE)) { |
| initialValues.putNull(ImageColumns.LONGITUDE); |
| } |
| if (getCallingPackageTargetSdkVersion() <= Build.VERSION_CODES.Q) { |
| // These columns are removed in R. |
| if (initialValues.containsKey("primary_directory")) { |
| initialValues.remove("primary_directory"); |
| } |
| if (initialValues.containsKey("secondary_directory")) { |
| initialValues.remove("secondary_directory"); |
| } |
| } |
| } |
| |
| // If we're not updating anything, then we can skip |
| if (initialValues.isEmpty()) return 0; |
| |
| final boolean isThumbnail; |
| switch (match) { |
| case IMAGES_THUMBNAILS: |
| case IMAGES_THUMBNAILS_ID: |
| case VIDEO_THUMBNAILS: |
| case VIDEO_THUMBNAILS_ID: |
| case AUDIO_ALBUMART: |
| case AUDIO_ALBUMART_ID: |
| isThumbnail = true; |
| break; |
| default: |
| isThumbnail = false; |
| break; |
| } |
| |
| switch (match) { |
| case AUDIO_PLAYLISTS: |
| case AUDIO_PLAYLISTS_ID: |
| // Playlist names are stored as display names, but leave |
| // values untouched if the caller is ModernMediaScanner |
| if (!isCallingPackageSelf()) { |
| if (initialValues.containsKey(Playlists.NAME)) { |
| initialValues.put(MediaColumns.DISPLAY_NAME, |
| initialValues.getAsString(Playlists.NAME)); |
| } |
| if (!initialValues.containsKey(MediaColumns.MIME_TYPE)) { |
| initialValues.put(MediaColumns.MIME_TYPE, "audio/mpegurl"); |
| } |
| } |
| break; |
| } |
| |
| // If we're touching columns that would change placement of a file, |
| // blend in current values and recalculate path |
| final boolean allowMovement = extras.getBoolean(MediaStore.QUERY_ARG_ALLOW_MOVEMENT, |
| !isCallingPackageSelf()); |
| if (containsAny(initialValues.keySet(), sPlacementColumns) |
| && !initialValues.containsKey(MediaColumns.DATA) |
| && !isThumbnail |
| && allowMovement) { |
| Trace.beginSection("movement"); |
| |
| // We only support movement under well-defined collections |
| switch (match) { |
| case AUDIO_MEDIA_ID: |
| case AUDIO_PLAYLISTS_ID: |
| case VIDEO_MEDIA_ID: |
| case IMAGES_MEDIA_ID: |
| case DOWNLOADS_ID: |
| case FILES_ID: |
| break; |
| default: |
| throw new IllegalArgumentException("Movement of " + uri |
| + " which isn't part of well-defined collection not allowed"); |
| } |
| |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| final Uri genericUri = MediaStore.Files.getContentUri(volumeName, |
| ContentUris.parseId(uri)); |
| try (Cursor c = queryForSingleItem(genericUri, |
| sPlacementColumns.toArray(new String[0]), userWhere, userWhereArgs, null)) { |
| for (int i = 0; i < c.getColumnCount(); i++) { |
| final String column = c.getColumnName(i); |
| if (!initialValues.containsKey(column)) { |
| initialValues.put(column, c.getString(i)); |
| } |
| } |
| } catch (FileNotFoundException e) { |
| throw new IllegalStateException(e); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| |
| // Regenerate path using blended values; this will throw if caller |
| // is attempting to place file into invalid location |
| final String beforePath = initialValues.getAsString(MediaColumns.DATA); |
| final String beforeVolume = extractVolumeName(beforePath); |
| final String beforeOwner = extractPathOwnerPackageName(beforePath); |
| |
| initialValues.remove(MediaColumns.DATA); |
| ensureNonUniqueFileColumns(match, uri, extras, initialValues, beforePath); |
| |
| final String probePath = initialValues.getAsString(MediaColumns.DATA); |
| final String probeVolume = extractVolumeName(probePath); |
| final String probeOwner = extractPathOwnerPackageName(probePath); |
| if (Objects.equals(beforePath, probePath)) { |
| Log.d(TAG, "Identical paths " + beforePath + "; not moving"); |
| } else if (!Objects.equals(beforeVolume, probeVolume)) { |
| throw new IllegalArgumentException("Changing volume from " + beforePath + " to " |
| + probePath + " not allowed"); |
| } else if (!isUpdateAllowedForOwnedPath(beforeOwner, probeOwner, beforePath, |
| probePath)) { |
| throw new IllegalArgumentException("Changing ownership from " + beforePath + " to " |
| + probePath + " not allowed"); |
| } else { |
| // Now that we've confirmed an actual movement is taking place, |
| // ensure we have a unique destination |
| initialValues.remove(MediaColumns.DATA); |
| ensureUniqueFileColumns(match, uri, extras, initialValues, beforePath); |
| |
| String afterPath = initialValues.getAsString(MediaColumns.DATA); |
| |
| if (isCrossUserEnabled()) { |
| String afterVolume = extractVolumeName(afterPath); |
| String afterVolumePath = extractVolumePath(afterPath); |
| String beforeVolumePath = extractVolumePath(beforePath); |
| |
| if (MediaStore.VOLUME_EXTERNAL_PRIMARY.equals(beforeVolume) |
| && beforeVolume.equals(afterVolume) |
| && !beforeVolumePath.equals(afterVolumePath)) { |
| // On cross-user enabled devices, it can happen that a rename intended as |
| // /storage/emulated/999/foo -> /storage/emulated/999/foo can end up as |
| // /storage/emulated/999/foo -> /storage/emulated/0/foo. We now fix-up |
| afterPath = afterPath.replaceFirst(afterVolumePath, beforeVolumePath); |
| } |
| } |
| |
| Log.d(TAG, "Moving " + beforePath + " to " + afterPath); |
| try { |
| Os.rename(beforePath, afterPath); |
| invalidateFuseDentry(beforePath); |
| invalidateFuseDentry(afterPath); |
| } catch (ErrnoException e) { |
| if (e.errno == OsConstants.ENOENT) { |
| Log.d(TAG, "Missing file at " + beforePath + "; continuing anyway"); |
| } else { |
| throw new IllegalStateException(e); |
| } |
| } |
| initialValues.put(MediaColumns.DATA, afterPath); |
| |
| // Some indexed metadata may have been derived from the path on |
| // disk, so scan this item again to update it |
| triggerScan = true; |
| } |
| |
| Trace.endSection(); |
| } |
| |
| assertPrivatePathNotInValues(initialValues); |
| |
| // Make sure any updated paths look consistent |
| assertFileColumnsConsistent(match, uri, initialValues); |
| |
| if (initialValues.containsKey(FileColumns.DATA)) { |
| // If we're changing paths, invalidate any thumbnails |
| triggerInvalidate = true; |
| |
| // If the new file exists, trigger a scan to adjust any metadata |
| // that might be derived from the path |
| final String data = initialValues.getAsString(FileColumns.DATA); |
| if (!TextUtils.isEmpty(data) && new File(data).exists()) { |
| triggerScan = true; |
| } |
| } |
| |
| // If we're already doing this update from an internal scan, no need to |
| // kick off another no-op scan |
| if (isCallingPackageSelf()) { |
| triggerScan = false; |
| } |
| |
| // Since the update mutation may prevent us from matching items after |
| // it's applied, we need to snapshot affected IDs here |
| final LongArray updatedIds = new LongArray(); |
| if (triggerInvalidate || triggerScan) { |
| Trace.beginSection("snapshot"); |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try (Cursor c = qb.query(helper, new String[] { FileColumns._ID }, |
| userWhere, userWhereArgs, null, null, null, null, null)) { |
| while (c.moveToNext()) { |
| updatedIds.add(c.getLong(0)); |
| } |
| } finally { |
| restoreLocalCallingIdentity(token); |
| Trace.endSection(); |
| } |
| } |
| |
| final ContentValues values = new ContentValues(initialValues); |
| switch (match) { |
| case AUDIO_MEDIA_ID: |
| case AUDIO_PLAYLISTS_ID: |
| case VIDEO_MEDIA_ID: |
| case IMAGES_MEDIA_ID: |
| case FILES_ID: |
| case DOWNLOADS_ID: { |
| FileUtils.computeValuesFromData(values, isFuseThread()); |
| break; |
| } |
| } |
| |
| if (initialValues.containsKey(FileColumns.MEDIA_TYPE)) { |
| final int mediaType = initialValues.getAsInteger(FileColumns.MEDIA_TYPE); |
| switch (mediaType) { |
| case FileColumns.MEDIA_TYPE_AUDIO: { |
| computeAudioLocalizedValues(values); |
| computeAudioKeyValues(values); |
| break; |
| } |
| } |
| } |
| |
| boolean deferScan = false; |
| if (triggerScan) { |
| if (SdkLevel.isAtLeastS() && |
| CompatChanges.isChangeEnabled(ENABLE_DEFERRED_SCAN, Binder.getCallingUid())) { |
| if (extras.containsKey(QUERY_ARG_DO_ASYNC_SCAN)) { |
| throw new IllegalArgumentException("Unsupported argument " + |
| QUERY_ARG_DO_ASYNC_SCAN + " used in extras"); |
| } |
| deferScan = extras.getBoolean(QUERY_ARG_DEFER_SCAN, false); |
| if (deferScan && initialValues.containsKey(MediaColumns.IS_PENDING) && |
| (initialValues.getAsInteger(MediaColumns.IS_PENDING) == 1)) { |
| // if the scan runs in async, ensure that the database row is excluded in |
| // default query until the metadata is updated by deferred scan. |
| // Apps will still be able to see this database row when queried with |
| // QUERY_ARG_MATCH_PENDING=MATCH_INCLUDE |
| values.put(FileColumns._MODIFIER, FileColumns._MODIFIER_CR_PENDING_METADATA); |
| qb.allowColumn(FileColumns._MODIFIER); |
| } |
| } else { |
| // Allow apps to use QUERY_ARG_DO_ASYNC_SCAN if the device is R or app is targeting |
| // targetSDK<=R. |
| deferScan = extras.getBoolean(QUERY_ARG_DO_ASYNC_SCAN, false); |
| } |
| } |
| |
| count = updateAllowingReplace(qb, helper, values, userWhere, userWhereArgs); |
| |
| // If the caller tried (and failed) to update metadata, the file on disk |
| // might have changed, to scan it to collect the latest metadata. |
| if (triggerInvalidate || triggerScan) { |
| Trace.beginSection("invalidate"); |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try { |
| for (int i = 0; i < updatedIds.size(); i++) { |
| final long updatedId = updatedIds.get(i); |
| final Uri updatedUri = Files.getContentUri(volumeName, updatedId); |
| helper.postBackground(() -> { |
| invalidateThumbnails(updatedUri); |
| }); |
| |
| if (triggerScan) { |
| try (Cursor c = queryForSingleItem(updatedUri, |
| new String[] { FileColumns.DATA }, null, null, null)) { |
| final File file = new File(c.getString(0)); |
| final boolean notifyTranscodeHelper = isUriPublished; |
| if (deferScan) { |
| helper.postBackground(() -> { |
| scanFileAsMediaProvider(file, REASON_DEMAND); |
| if (notifyTranscodeHelper) { |
| notifyTranscodeHelperOnUriPublished(updatedUri); |
| } |
| }); |
| } else { |
| helper.postBlocking(() -> { |
| scanFileAsMediaProvider(file, REASON_DEMAND); |
| if (notifyTranscodeHelper) { |
| notifyTranscodeHelperOnUriPublished(updatedUri); |
| } |
| }); |
| } |
| } catch (Exception e) { |
| Log.w(TAG, "Failed to update metadata for " + updatedUri, e); |
| } |
| } |
| } |
| } finally { |
| restoreLocalCallingIdentity(token); |
| Trace.endSection(); |
| } |
| } |
| |
| return count; |
| } |
| |
| private boolean isUpdateAllowedForOwnedPath(@Nullable String srcOwner, |
| @Nullable String destOwner, @NonNull String srcPath, @NonNull String destPath) { |
| // 1. Allow if the update is within owned path |
| // update() from /sdcard/Android/media/com.foo/ABC/image.jpeg to |
| // /sdcard/Android/media/com.foo/XYZ/image.jpeg - Allowed |
| if(Objects.equals(srcOwner, destOwner)) { |
| return true; |
| } |
| |
| // 2. Check if the calling package is a special app which has global access |
| if (isCallingPackageManager() || |
| (canAccessMediaFile(srcPath, /* excludeNonSystemGallery */ true) && |
| (canAccessMediaFile(destPath, /* excludeNonSystemGallery */ true)))) { |
| return true; |
| } |
| |
| // 3. Allow update from srcPath if the source is not a owned path or calling package is the |
| // owner of the source path or calling package shares the UID with the owner of the source |
| // path |
| // update() from /sdcard/DCIM/Foo.jpeg - Allowed |
| // update() from /sdcard/Android/media/com.foo/image.jpeg - Allowed for |
| // callingPackage=com.foo, not allowed for callingPackage=com.bar |
| final boolean isSrcUpdateAllowed = srcOwner == null |
| || isCallingIdentitySharedPackageName(srcOwner); |
| |
| // 4. Allow update to dstPath if the destination is not a owned path or calling package is |
| // the owner of the destination path or calling package shares the UID with the owner of the |
| // destination path |
| // update() to /sdcard/Pictures/image.jpeg - Allowed |
| // update() to /sdcard/Android/media/com.foo/image.jpeg - Allowed for |
| // callingPackage=com.foo, not allowed for callingPackage=com.bar |
| final boolean isDestUpdateAllowed = destOwner == null |
| || isCallingIdentitySharedPackageName(destOwner); |
| |
| return isSrcUpdateAllowed && isDestUpdateAllowed; |
| } |
| |
| private void notifyTranscodeHelperOnUriPublished(Uri uri) { |
| BackgroundThread.getExecutor().execute(() -> { |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try { |
| mTranscodeHelper.onUriPublished(uri); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| }); |
| } |
| |
| private void notifyTranscodeHelperOnFileOpen(String path, String ioPath, int uid, |
| int transformsReason) { |
| BackgroundThread.getExecutor().execute(() -> { |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try { |
| mTranscodeHelper.onFileOpen(path, ioPath, uid, transformsReason); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| }); |
| } |
| |
| /** |
| * Update row(s) that match {@code userWhere} in MediaProvider database with {@code values}. |
| * Treats update as replace for updates with conflicts. |
| */ |
| private int updateAllowingReplace(@NonNull SQLiteQueryBuilder qb, |
| @NonNull DatabaseHelper helper, @NonNull ContentValues values, String userWhere, |
| String[] userWhereArgs) throws SQLiteConstraintException { |
| return helper.runWithTransaction((db) -> { |
| try { |
| return qb.update(helper, values, userWhere, userWhereArgs); |
| } catch (SQLiteConstraintException e) { |
| // b/155320967 Apps sometimes create a file via file path and then update another |
| // explicitly inserted db row to this file. We have to resolve this update with a |
| // replace. |
| |
| if (getCallingPackageTargetSdkVersion() >= Build.VERSION_CODES.R) { |
| // We don't support replace for non-legacy apps. Non legacy apps should have |
| // clearer interactions with MediaProvider. |
| throw e; |
| } |
| |
| final String path = values.getAsString(FileColumns.DATA); |
| |
| // We will only handle UNIQUE constraint error for FileColumns.DATA. We will not try |
| // update and replace if no file exists for conflicting db row. |
| if (path == null || !new File(path).exists()) { |
| throw e; |
| } |
| |
| final Uri uri = FileUtils.getContentUriForPath(path); |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| // The db row which caused UNIQUE constraint error may not match all column values |
| // of the given queryBuilder, hence using a generic queryBuilder with Files uri. |
| Bundle extras = new Bundle(); |
| extras.putInt(QUERY_ARG_MATCH_PENDING, MATCH_INCLUDE); |
| extras.putInt(QUERY_ARG_MATCH_TRASHED, MATCH_INCLUDE); |
| final SQLiteQueryBuilder qbForReplace = getQueryBuilder(TYPE_DELETE, |
| matchUri(uri, allowHidden), uri, extras, null); |
| final long rowId = getIdIfPathOwnedByPackages(qbForReplace, helper, path, |
| getSharedPackages()); |
| |
| if (rowId != -1 && qbForReplace.delete(helper, "_id=?", |
| new String[] {Long.toString(rowId)}) == 1) { |
| Log.i(TAG, "Retrying database update after deleting conflicting entry"); |
| return qb.update(helper, values, userWhere, userWhereArgs); |
| } |
| // Rethrow SQLiteConstraintException if app doesn't own the conflicting db row. |
| throw e; |
| } |
| }); |
| } |
| |
| /** |
| * Update the internal table of {@link MediaStore.Audio.Playlists.Members} |
| * by parsing the playlist file on disk and resolving it against scanned |
| * audio items. |
| * <p> |
| * When a playlist references a missing audio item, the associated |
| * {@link Playlists.Members#PLAY_ORDER} is skipped, leaving a gap to ensure |
| * that the playlist entry is retained to avoid user data loss. |
| */ |
| private void resolvePlaylistMembers(@NonNull Uri playlistUri) { |
| Trace.beginSection("resolvePlaylistMembers"); |
| try { |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(playlistUri); |
| } catch (VolumeNotFoundException e) { |
| throw e.rethrowAsIllegalArgumentException(); |
| } |
| |
| helper.runWithTransaction((db) -> { |
| resolvePlaylistMembersInternal(playlistUri, db); |
| return null; |
| }); |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| private void resolvePlaylistMembersInternal(@NonNull Uri playlistUri, |
| @NonNull SQLiteDatabase db) { |
| try { |
| // Refresh playlist members based on what we parse from disk |
| final long playlistId = ContentUris.parseId(playlistUri); |
| final Map<String, Long> membersMap = getAllPlaylistMembers(playlistId); |
| db.delete("audio_playlists_map", "playlist_id=" + playlistId, null); |
| |
| final Path playlistPath = queryForDataFile(playlistUri, null).toPath(); |
| final Playlist playlist = new Playlist(); |
| playlist.read(playlistPath.toFile()); |
| |
| final List<Path> members = playlist.asList(); |
| for (int i = 0; i < members.size(); i++) { |
| try { |
| final Path audioPath = playlistPath.getParent().resolve(members.get(i)); |
| final long audioId = queryForPlaylistMember(audioPath, membersMap); |
| |
| final ContentValues values = new ContentValues(); |
| values.put(Playlists.Members.PLAY_ORDER, i + 1); |
| values.put(Playlists.Members.PLAYLIST_ID, playlistId); |
| values.put(Playlists.Members.AUDIO_ID, audioId); |
| db.insert("audio_playlists_map", null, values); |
| } catch (IOException e) { |
| Log.w(TAG, "Failed to resolve playlist member", e); |
| } |
| } |
| } catch (IOException e) { |
| Log.w(TAG, "Failed to refresh playlist", e); |
| } |
| } |
| |
| private Map<String, Long> getAllPlaylistMembers(long playlistId) { |
| final Map<String, Long> membersMap = new ArrayMap<>(); |
| |
| final Uri uri = Playlists.Members.getContentUri(MediaStore.VOLUME_EXTERNAL, playlistId); |
| final String[] projection = new String[] { |
| Playlists.Members.DATA, |
| Playlists.Members.AUDIO_ID |
| }; |
| try (Cursor c = query(uri, projection, null, null)) { |
| if (c == null) { |
| Log.e(TAG, "Cursor is null, failed to create cached playlist member info."); |
| return membersMap; |
| } |
| while (c.moveToNext()) { |
| membersMap.put(c.getString(0), c.getLong(1)); |
| } |
| } |
| return membersMap; |
| } |
| |
| /** |
| * Make two attempts to query this playlist member: first based on the exact |
| * path, and if that fails, fall back to picking a single item matching the |
| * display name. When there are multiple items with the same display name, |
| * we can't resolve between them, and leave this member unresolved. |
| */ |
| private long queryForPlaylistMember(@NonNull Path path, @NonNull Map<String, Long> membersMap) |
| throws IOException { |
| final String data = path.toFile().getCanonicalPath(); |
| if (membersMap.containsKey(data)) { |
| return membersMap.get(data); |
| } |
| final Uri audioUri = Audio.Media.getContentUri(MediaStore.VOLUME_EXTERNAL); |
| try (Cursor c = queryForSingleItem(audioUri, |
| new String[] { BaseColumns._ID }, MediaColumns.DATA + "=?", |
| new String[] { data }, null)) { |
| return c.getLong(0); |
| } catch (FileNotFoundException ignored) { |
| } |
| try (Cursor c = queryForSingleItem(audioUri, |
| new String[] { BaseColumns._ID }, MediaColumns.DISPLAY_NAME + "=?", |
| new String[] { path.toFile().getName() }, null)) { |
| return c.getLong(0); |
| } catch (FileNotFoundException ignored) { |
| } |
| throw new FileNotFoundException(); |
| } |
| |
| /** |
| * Add the given audio item to the given playlist. Defaults to adding at the |
| * end of the playlist when no {@link Playlists.Members#PLAY_ORDER} is |
| * defined. |
| */ |
| private long addPlaylistMembers(@NonNull Uri playlistUri, @NonNull ContentValues values) |
| throws FallbackException { |
| final long audioId = values.getAsLong(Audio.Playlists.Members.AUDIO_ID); |
| final String volumeName = MediaStore.VOLUME_INTERNAL.equals(getVolumeName(playlistUri)) |
| ? MediaStore.VOLUME_INTERNAL : MediaStore.VOLUME_EXTERNAL; |
| final Uri audioUri = Audio.Media.getContentUri(volumeName, audioId); |
| |
| Integer playOrder = values.getAsInteger(Playlists.Members.PLAY_ORDER); |
| playOrder = (playOrder != null) ? (playOrder - 1) : Integer.MAX_VALUE; |
| |
| try { |
| final File playlistFile = queryForDataFile(playlistUri, null); |
| final File audioFile = queryForDataFile(audioUri, null); |
| |
| final Playlist playlist = new Playlist(); |
| playlist.read(playlistFile); |
| playOrder = playlist.add(playOrder, |
| playlistFile.toPath().getParent().relativize(audioFile.toPath())); |
| playlist.write(playlistFile); |
| invalidateFuseDentry(playlistFile); |
| |
| resolvePlaylistMembers(playlistUri); |
| |
| // Callers are interested in the actual ID we generated |
| final Uri membersUri = Playlists.Members.getContentUri(volumeName, |
| ContentUris.parseId(playlistUri)); |
| try (Cursor c = query(membersUri, new String[] { BaseColumns._ID }, |
| Playlists.Members.PLAY_ORDER + "=" + (playOrder + 1), null, null)) { |
| c.moveToFirst(); |
| return c.getLong(0); |
| } |
| } catch (IOException e) { |
| throw new FallbackException("Failed to update playlist", e, |
| android.os.Build.VERSION_CODES.R); |
| } |
| } |
| |
| private int addPlaylistMembers(@NonNull Uri playlistUri, @NonNull ContentValues[] initialValues) |
| throws FallbackException { |
| final String volumeName = getVolumeName(playlistUri); |
| final String audioVolumeName = |
| MediaStore.VOLUME_INTERNAL.equals(volumeName) |
| ? MediaStore.VOLUME_INTERNAL : MediaStore.VOLUME_EXTERNAL; |
| |
| try { |
| final File playlistFile = queryForDataFile(playlistUri, null); |
| final Playlist playlist = new Playlist(); |
| playlist.read(playlistFile); |
| |
| for (ContentValues values : initialValues) { |
| final long audioId = values.getAsLong(Audio.Playlists.Members.AUDIO_ID); |
| final Uri audioUri = Audio.Media.getContentUri(audioVolumeName, audioId); |
| final File audioFile = queryForDataFile(audioUri, null); |
| |
| Integer playOrder = values.getAsInteger(Playlists.Members.PLAY_ORDER); |
| playOrder = (playOrder != null) ? (playOrder - 1) : Integer.MAX_VALUE; |
| playlist.add(playOrder, |
| playlistFile.toPath().getParent().relativize(audioFile.toPath())); |
| } |
| playlist.write(playlistFile); |
| |
| resolvePlaylistMembers(playlistUri); |
| } catch (IOException e) { |
| throw new FallbackException("Failed to update playlist", e, |
| android.os.Build.VERSION_CODES.R); |
| } |
| |
| return initialValues.length; |
| } |
| |
| /** |
| * Move an audio item within the given playlist. |
| */ |
| private int movePlaylistMembers(@NonNull Uri playlistUri, @NonNull ContentValues values, |
| @NonNull Bundle queryArgs) throws FallbackException { |
| final int fromIndex = resolvePlaylistIndex(playlistUri, queryArgs); |
| final int toIndex = values.getAsInteger(Playlists.Members.PLAY_ORDER) - 1; |
| if (fromIndex == -1) { |
| throw new FallbackException("Failed to resolve playlist member " + queryArgs, |
| android.os.Build.VERSION_CODES.R); |
| } |
| try { |
| final File playlistFile = queryForDataFile(playlistUri, null); |
| |
| final Playlist playlist = new Playlist(); |
| playlist.read(playlistFile); |
| final int finalIndex = playlist.move(fromIndex, toIndex); |
| playlist.write(playlistFile); |
| invalidateFuseDentry(playlistFile); |
| |
| resolvePlaylistMembers(playlistUri); |
| return finalIndex; |
| } catch (IOException e) { |
| throw new FallbackException("Failed to update playlist", e, |
| android.os.Build.VERSION_CODES.R); |
| } |
| } |
| |
| /** |
| * Removes an audio item or multiple audio items(if targetSDK<R) from the given playlist. |
| */ |
| private int removePlaylistMembers(@NonNull Uri playlistUri, @NonNull Bundle queryArgs) |
| throws FallbackException { |
| final int[] indexes = resolvePlaylistIndexes(playlistUri, queryArgs); |
| try { |
| final File playlistFile = queryForDataFile(playlistUri, null); |
| |
| final Playlist playlist = new Playlist(); |
| playlist.read(playlistFile); |
| final int count; |
| if (indexes.length == 0) { |
| // This means either no playlist members match the query or VolumeNotFoundException |
| // was thrown. So we don't have anything to delete. |
| count = 0; |
| } else { |
| count = playlist.removeMultiple(indexes); |
| } |
| playlist.write(playlistFile); |
| invalidateFuseDentry(playlistFile); |
| |
| resolvePlaylistMembers(playlistUri); |
| return count; |
| } catch (IOException e) { |
| throw new FallbackException("Failed to update playlist", e, |
| android.os.Build.VERSION_CODES.R); |
| } |
| } |
| |
| /** |
| * Remove an audio item from the given playlist since the playlist file or the audio file is |
| * already removed. |
| */ |
| private void removePlaylistMembers(int mediaType, long id) { |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(Audio.Media.EXTERNAL_CONTENT_URI); |
| } catch (VolumeNotFoundException e) { |
| Log.w(TAG, e); |
| return; |
| } |
| |
| helper.runWithTransaction((db) -> { |
| final String where; |
| if (mediaType == FileColumns.MEDIA_TYPE_PLAYLIST) { |
| where = "playlist_id=?"; |
| } else { |
| where = "audio_id=?"; |
| } |
| db.delete("audio_playlists_map", where, new String[] { "" + id }); |
| return null; |
| }); |
| } |
| |
| /** |
| * Resolve query arguments that are designed to select specific playlist |
| * items using the playlist's {@link Playlists.Members#PLAY_ORDER}. |
| * |
| * @return an array of the indexes that match the query. |
| */ |
| private int[] resolvePlaylistIndexes(@NonNull Uri playlistUri, @NonNull Bundle queryArgs) { |
| final Uri membersUri = Playlists.Members.getContentUri( |
| getVolumeName(playlistUri), ContentUris.parseId(playlistUri)); |
| |
| final DatabaseHelper helper; |
| final SQLiteQueryBuilder qb; |
| try { |
| helper = getDatabaseForUri(membersUri); |
| qb = getQueryBuilder(TYPE_DELETE, AUDIO_PLAYLISTS_ID_MEMBERS, |
| membersUri, queryArgs, null); |
| } catch (VolumeNotFoundException ignored) { |
| return new int[0]; |
| } |
| |
| try (Cursor c = qb.query(helper, |
| new String[] { Playlists.Members.PLAY_ORDER }, queryArgs, null)) { |
| if ((c.getCount() >= 1) && c.moveToFirst()) { |
| int size = c.getCount(); |
| int[] res = new int[size]; |
| for (int i = 0; i < size; ++i) { |
| res[i] = c.getInt(0) - 1; |
| c.moveToNext(); |
| } |
| return res; |
| } else { |
| // Cursor size is 0 |
| return new int[0]; |
| } |
| } |
| } |
| |
| /** |
| * Resolve query arguments that are designed to select a specific playlist |
| * item using its {@link Playlists.Members#PLAY_ORDER}. |
| * |
| * @return if there's only 1 item that matches the query, returns its index. Returns -1 |
| * otherwise. |
| */ |
| private int resolvePlaylistIndex(@NonNull Uri playlistUri, @NonNull Bundle queryArgs) { |
| int[] indexes = resolvePlaylistIndexes(playlistUri, queryArgs); |
| if (indexes.length == 1) { |
| return indexes[0]; |
| } |
| return -1; |
| } |
| |
| private boolean isPickerUri(Uri uri) { |
| // TODO(b/188394433): move this method to PickerResolver in the spirit of not |
| // adding picker logic to MediaProvider |
| final int match = matchUri(uri, /* allowHidden */ isCallingPackageAllowedHidden()); |
| return match == PICKER_ID; |
| } |
| |
| public boolean isPickerUnreliableVolumeUri(Uri uri, boolean allowHidden) { |
| final int match = matchUri(uri, allowHidden); |
| return match == PICKER_UNRELIABLE_VOLUME; |
| } |
| |
| @Override |
| public ParcelFileDescriptor openFile(Uri uri, String mode) throws FileNotFoundException { |
| return openFileCommon(uri, mode, /*signal*/ null, /*opts*/ null); |
| } |
| |
| @Override |
| public ParcelFileDescriptor openFile(Uri uri, String mode, CancellationSignal signal) |
| throws FileNotFoundException { |
| return openFileCommon(uri, mode, signal, /*opts*/ null); |
| } |
| |
| private ParcelFileDescriptor openFileCommon(Uri uri, String mode, CancellationSignal signal, |
| @Nullable Bundle opts) |
| throws FileNotFoundException { |
| opts = opts == null ? new Bundle() : opts; |
| // REDACTED_URI_BUNDLE_KEY extra should only be set inside MediaProvider. |
| opts.remove(QUERY_ARG_REDACTED_URI); |
| if (isRedactedUri(uri)) { |
| opts.putParcelable(QUERY_ARG_REDACTED_URI, uri); |
| uri = getUriForRedactedUri(uri); |
| } |
| uri = safeUncanonicalize(uri); |
| |
| if (isPickerUri(uri)) { |
| final int callingPid = mCallingIdentity.get().pid; |
| final int callingUid = mCallingIdentity.get().uid; |
| return mPickerUriResolver.openFile(uri, mode, signal, callingPid, callingUid); |
| } |
| |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final int match = matchUri(uri, allowHidden); |
| final String volumeName = getVolumeName(uri); |
| |
| // Handle some legacy cases where we need to redirect thumbnails |
| try { |
| switch (match) { |
| case AUDIO_ALBUMART_ID: { |
| final long albumId = Long.parseLong(uri.getPathSegments().get(3)); |
| final Uri targetUri = ContentUris |
| .withAppendedId(Audio.Albums.getContentUri(volumeName), albumId); |
| return ensureThumbnail(targetUri, signal); |
| } |
| case AUDIO_ALBUMART_FILE_ID: { |
| final long audioId = Long.parseLong(uri.getPathSegments().get(3)); |
| final Uri targetUri = ContentUris |
| .withAppendedId(Audio.Media.getContentUri(volumeName), audioId); |
| return ensureThumbnail(targetUri, signal); |
| } |
| case VIDEO_MEDIA_ID_THUMBNAIL: { |
| final long videoId = Long.parseLong(uri.getPathSegments().get(3)); |
| final Uri targetUri = ContentUris |
| .withAppendedId(Video.Media.getContentUri(volumeName), videoId); |
| return ensureThumbnail(targetUri, signal); |
| } |
| case IMAGES_MEDIA_ID_THUMBNAIL: { |
| final long imageId = Long.parseLong(uri.getPathSegments().get(3)); |
| final Uri targetUri = ContentUris |
| .withAppendedId(Images.Media.getContentUri(volumeName), imageId); |
| return ensureThumbnail(targetUri, signal); |
| } |
| } |
| } finally { |
| // We have to log separately here because openFileAndEnforcePathPermissionsHelper calls |
| // a public MediaProvider API and so logs the access there. |
| PulledMetrics.logVolumeAccessViaMediaProvider(getCallingUidOrSelf(), volumeName); |
| } |
| |
| return openFileAndEnforcePathPermissionsHelper(uri, match, mode, signal, opts); |
| } |
| |
| @Override |
| public AssetFileDescriptor openTypedAssetFile(Uri uri, String mimeTypeFilter, Bundle opts) |
| throws FileNotFoundException { |
| return openTypedAssetFileCommon(uri, mimeTypeFilter, opts, null); |
| } |
| |
| @Override |
| public AssetFileDescriptor openTypedAssetFile(Uri uri, String mimeTypeFilter, Bundle opts, |
| CancellationSignal signal) throws FileNotFoundException { |
| return openTypedAssetFileCommon(uri, mimeTypeFilter, opts, signal); |
| } |
| |
| private AssetFileDescriptor openTypedAssetFileCommon(Uri uri, String mimeTypeFilter, |
| Bundle opts, CancellationSignal signal) throws FileNotFoundException { |
| final boolean wantsThumb = (opts != null) && opts.containsKey(ContentResolver.EXTRA_SIZE) |
| && StringUtils.startsWithIgnoreCase(mimeTypeFilter, "image/"); |
| String mode = "r"; |
| |
| // If request is not for thumbnail and arising from MediaProvider, then check for EXTRA_MODE |
| if (opts != null && !wantsThumb && isCallingPackageSelf()) { |
| mode = opts.getString(MediaStore.EXTRA_MODE, "r"); |
| } else if (opts != null) { |
| opts.remove(MediaStore.EXTRA_MODE); |
| } |
| |
| if (opts != null && opts.containsKey(MediaStore.EXTRA_FILE_DESCRIPTOR)) { |
| // This is called as part of MediaStore#getOriginalMediaFormatFileDescriptor |
| // We don't need to use the |uri| because the input fd already identifies the file and |
| // we actually don't have a valid URI, we are going to identify the file via the fd. |
| // While identifying the file, we also perform the following security checks. |
| // 1. Find the FUSE file with the associated inode |
| // 2. Verify that the binder caller opened it |
| // 3. Verify the access level the fd is opened with (r/w) |
| // 4. Open the original (non-transcoded) file *with* redaction enabled and the access |
| // level from #3 |
| // 5. Return the fd from #4 to the app or throw an exception if any of the conditions |
| // are not met |
| try { |
| return getOriginalMediaFormatFileDescriptor(opts); |
| } finally { |
| // Clearing the Bundle closes the underlying Parcel, ensuring that the input fd |
| // owned by the Parcel is closed immediately and not at the next GC. |
| // This works around a change in behavior introduced by: |
| // aosp/Icfe8880cad00c3cd2afcbe4b92400ad4579e680e |
| opts.clear(); |
| } |
| } |
| |
| // This is needed for thumbnail resolution as it doesn't go through openFileCommon |
| if (isPickerUri(uri)) { |
| final int callingPid = mCallingIdentity.get().pid; |
| final int callingUid = mCallingIdentity.get().uid; |
| return mPickerUriResolver.openTypedAssetFile(uri, mimeTypeFilter, opts, signal, |
| callingPid, callingUid); |
| } |
| |
| // TODO: enforce that caller has access to this uri |
| |
| // Offer thumbnail of media, when requested |
| if (wantsThumb) { |
| final ParcelFileDescriptor pfd = ensureThumbnail(uri, signal); |
| return new AssetFileDescriptor(pfd, 0, AssetFileDescriptor.UNKNOWN_LENGTH); |
| } |
| |
| // Worst case, return the underlying file |
| return new AssetFileDescriptor(openFileCommon(uri, mode, signal, opts), 0, |
| AssetFileDescriptor.UNKNOWN_LENGTH); |
| } |
| |
| private ParcelFileDescriptor ensureThumbnail(Uri uri, CancellationSignal signal) |
| throws FileNotFoundException { |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final int match = matchUri(uri, allowHidden); |
| |
| Trace.beginSection("ensureThumbnail"); |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try { |
| switch (match) { |
| case AUDIO_ALBUMS_ID: { |
| final String volumeName = MediaStore.getVolumeName(uri); |
| final Uri baseUri = MediaStore.Audio.Media.getContentUri(volumeName); |
| final long albumId = ContentUris.parseId(uri); |
| try (Cursor c = query(baseUri, new String[] { MediaStore.Audio.Media._ID }, |
| MediaStore.Audio.Media.ALBUM_ID + "=" + albumId, null, null, signal)) { |
| if (c.moveToFirst()) { |
| final long audioId = c.getLong(0); |
| final Uri targetUri = ContentUris.withAppendedId(baseUri, audioId); |
| return mAudioThumbnailer.ensureThumbnail(targetUri, signal); |
| } else { |
| throw new FileNotFoundException("No media for album " + uri); |
| } |
| } |
| } |
| case AUDIO_MEDIA_ID: |
| return mAudioThumbnailer.ensureThumbnail(uri, signal); |
| case VIDEO_MEDIA_ID: |
| return mVideoThumbnailer.ensureThumbnail(uri, signal); |
| case IMAGES_MEDIA_ID: |
| return mImageThumbnailer.ensureThumbnail(uri, signal); |
| case FILES_ID: |
| case DOWNLOADS_ID: { |
| // When item is referenced in a generic way, resolve to actual type |
| final int mediaType = MimeUtils.resolveMediaType(getType(uri)); |
| switch (mediaType) { |
| case FileColumns.MEDIA_TYPE_AUDIO: |
| return mAudioThumbnailer.ensureThumbnail(uri, signal); |
| case FileColumns.MEDIA_TYPE_VIDEO: |
| return mVideoThumbnailer.ensureThumbnail(uri, signal); |
| case FileColumns.MEDIA_TYPE_IMAGE: |
| return mImageThumbnailer.ensureThumbnail(uri, signal); |
| default: |
| throw new FileNotFoundException(); |
| } |
| } |
| default: |
| throw new FileNotFoundException(); |
| } |
| } catch (IOException e) { |
| Log.w(TAG, e); |
| throw new FileNotFoundException(e.getMessage()); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| Trace.endSection(); |
| } |
| } |
| |
| /** |
| * Update the metadata columns for the image residing at given {@link Uri} |
| * by reading data from the underlying image. |
| */ |
| private void updateImageMetadata(ContentValues values, File file) { |
| final BitmapFactory.Options bitmapOpts = new BitmapFactory.Options(); |
| bitmapOpts.inJustDecodeBounds = true; |
| BitmapFactory.decodeFile(file.getAbsolutePath(), bitmapOpts); |
| |
| values.put(MediaColumns.WIDTH, bitmapOpts.outWidth); |
| values.put(MediaColumns.HEIGHT, bitmapOpts.outHeight); |
| } |
| |
| private void handleInsertedRowForFuse(long rowId) { |
| if (isFuseThread()) { |
| // Removes restored row ID saved list. |
| mCallingIdentity.get().removeDeletedRowId(rowId); |
| } |
| } |
| |
| private void handleUpdatedRowForFuse(@NonNull String oldPath, @NonNull String ownerPackage, |
| long oldRowId, long newRowId) { |
| if (oldRowId == newRowId) { |
| // Update didn't delete or add row ID. We don't need to save row ID or remove saved |
| // deleted ID. |
| return; |
| } |
| |
| handleDeletedRowForFuse(oldPath, ownerPackage, oldRowId); |
| handleInsertedRowForFuse(newRowId); |
| } |
| |
| private void handleDeletedRowForFuse(@NonNull String path, @NonNull String ownerPackage, |
| long rowId) { |
| if (!isFuseThread()) { |
| return; |
| } |
| |
| // Invalidate saved owned ID's of the previous owner of the deleted path, this prevents old |
| // owner from gaining access to newly created file with restored row ID. |
| if (!ownerPackage.equals("null") && !ownerPackage.equals(getCallingPackageOrSelf())) { |
| invalidateLocalCallingIdentityCache(ownerPackage, "owned_database_row_deleted:" |
| + path); |
| } |
| // Saves row ID corresponding to deleted path. Saved row ID will be restored on subsequent |
| // create or rename. |
| mCallingIdentity.get().addDeletedRowId(path, rowId); |
| } |
| |
| private void handleOwnerPackageNameChange(@NonNull String oldPath, |
| @NonNull String oldOwnerPackage, @NonNull String newOwnerPackage) { |
| if (Objects.equals(oldOwnerPackage, newOwnerPackage)) { |
| return; |
| } |
| // Invalidate saved owned ID's of the previous owner of the renamed path, this prevents old |
| // owner from gaining access to replaced file. |
| invalidateLocalCallingIdentityCache(oldOwnerPackage, "owner_package_changed:" + oldPath); |
| } |
| |
| /** |
| * Return the {@link MediaColumns#DATA} field for the given {@code Uri}. |
| */ |
| File queryForDataFile(Uri uri, CancellationSignal signal) |
| throws FileNotFoundException { |
| return queryForDataFile(uri, null, null, signal); |
| } |
| |
| /** |
| * Return the {@link MediaColumns#DATA} field for the given {@code Uri}. |
| */ |
| File queryForDataFile(Uri uri, String selection, String[] selectionArgs, |
| CancellationSignal signal) throws FileNotFoundException { |
| try (Cursor cursor = queryForSingleItem(uri, new String[] { MediaColumns.DATA }, |
| selection, selectionArgs, signal)) { |
| final String data = cursor.getString(0); |
| if (TextUtils.isEmpty(data)) { |
| throw new FileNotFoundException("Missing path for " + uri); |
| } else { |
| return new File(data); |
| } |
| } |
| } |
| |
| /** |
| * Return the {@link Uri} for the given {@code File}. |
| */ |
| Uri queryForMediaUri(File file, CancellationSignal signal) throws FileNotFoundException { |
| final String volumeName = FileUtils.getVolumeName(getContext(), file); |
| final Uri uri = Files.getContentUri(volumeName); |
| try (Cursor cursor = queryForSingleItem(uri, new String[] { MediaColumns._ID }, |
| MediaColumns.DATA + "=?", new String[] { file.getAbsolutePath() }, signal)) { |
| return ContentUris.withAppendedId(uri, cursor.getLong(0)); |
| } |
| } |
| |
| /** |
| * Query the given {@link Uri} as MediaProvider, expecting only a single item to be found. |
| * |
| * @throws FileNotFoundException if no items were found, or multiple items |
| * were found, or there was trouble reading the data. |
| */ |
| Cursor queryForSingleItemAsMediaProvider(Uri uri, String[] projection, String selection, |
| String[] selectionArgs, CancellationSignal signal) |
| throws FileNotFoundException { |
| final LocalCallingIdentity tokenInner = clearLocalCallingIdentity(); |
| try { |
| return queryForSingleItem(uri, projection, selection, selectionArgs, signal); |
| } finally { |
| restoreLocalCallingIdentity(tokenInner); |
| } |
| } |
| |
| /** |
| * Query the given {@link Uri}, expecting only a single item to be found. |
| * |
| * @throws FileNotFoundException if no items were found, or multiple items |
| * were found, or there was trouble reading the data. |
| */ |
| Cursor queryForSingleItem(Uri uri, String[] projection, String selection, |
| String[] selectionArgs, CancellationSignal signal) throws FileNotFoundException { |
| Cursor c = null; |
| try { |
| c = query(uri, projection, |
| DatabaseUtils.createSqlQueryBundle(selection, selectionArgs, null), |
| signal, true); |
| } catch (IllegalArgumentException e) { |
| throw new FileNotFoundException("Volume not found for " + uri); |
| } |
| if (c == null) { |
| throw new FileNotFoundException("Missing cursor for " + uri); |
| } else if (c.getCount() < 1) { |
| FileUtils.closeQuietly(c); |
| throw new FileNotFoundException("No item at " + uri); |
| } else if (c.getCount() > 1) { |
| FileUtils.closeQuietly(c); |
| throw new FileNotFoundException("Multiple items at " + uri); |
| } |
| |
| if (c.moveToFirst()) { |
| return c; |
| } else { |
| FileUtils.closeQuietly(c); |
| throw new FileNotFoundException("Failed to read row from " + uri); |
| } |
| } |
| |
| /** |
| * Compares {@code itemOwner} with package name of {@link LocalCallingIdentity} and throws |
| * {@link IllegalStateException} if it doesn't match. |
| * Make sure to set calling identity properly before calling. |
| */ |
| private void requireOwnershipForItem(@Nullable String itemOwner, Uri item) { |
| final boolean hasOwner = (itemOwner != null); |
| final boolean callerIsOwner = Objects.equals(getCallingPackageOrSelf(), itemOwner); |
| if (hasOwner && !callerIsOwner) { |
| throw new IllegalStateException( |
| "Only owner is able to interact with pending/trashed item " + item); |
| } |
| } |
| |
| private ParcelFileDescriptor openWithFuse(String filePath, int uid, int mediaCapabilitiesUid, |
| int modeBits, boolean shouldRedact, boolean shouldTranscode, int transcodeReason) |
| throws FileNotFoundException { |
| Log.d(TAG, "Open with FUSE. FilePath: " + filePath |
| + ". Uid: " + uid |
| + ". Media Capabilities Uid: " + mediaCapabilitiesUid |
| + ". ShouldRedact: " + shouldRedact |
| + ". ShouldTranscode: " + shouldTranscode); |
| |
| int tid = android.os.Process.myTid(); |
| synchronized (mPendingOpenInfo) { |
| mPendingOpenInfo.put(tid, |
| new PendingOpenInfo(uid, mediaCapabilitiesUid, shouldRedact, transcodeReason)); |
| } |
| |
| try { |
| return FileUtils.openSafely(toFuseFile(new File(filePath)), modeBits); |
| } finally { |
| synchronized (mPendingOpenInfo) { |
| mPendingOpenInfo.remove(tid); |
| } |
| } |
| } |
| |
| private @NonNull FuseDaemon getFuseDaemonForFile(@NonNull File file) |
| throws FileNotFoundException { |
| final FuseDaemon daemon = ExternalStorageServiceImpl.getFuseDaemon(getVolumeId(file)); |
| if (daemon == null) { |
| throw new FileNotFoundException("Missing FUSE daemon for " + file); |
| } else { |
| return daemon; |
| } |
| } |
| |
| private void invalidateFuseDentry(@NonNull File file) { |
| invalidateFuseDentry(file.getAbsolutePath()); |
| } |
| |
| private void invalidateFuseDentry(@NonNull String path) { |
| try { |
| final FuseDaemon daemon = getFuseDaemonForFile(new File(path)); |
| if (isFuseThread()) { |
| // If we are on a FUSE thread, we don't need to invalidate, |
| // (and *must* not, otherwise we'd crash) because the invalidation |
| // is already reflected in the lower filesystem |
| return; |
| } else { |
| daemon.invalidateFuseDentryCache(path); |
| } |
| } catch (FileNotFoundException e) { |
| Log.w(TAG, "Failed to invalidate FUSE dentry", e); |
| } |
| } |
| |
| /** |
| * Replacement for {@link #openFileHelper(Uri, String)} which enforces any |
| * permissions applicable to the path before returning. |
| * |
| * <p>This function should never be called from the fuse thread since it tries to open |
| * a "/mnt/user" path. |
| */ |
| private ParcelFileDescriptor openFileAndEnforcePathPermissionsHelper(Uri uri, int match, |
| String mode, CancellationSignal signal, @NonNull Bundle opts) |
| throws FileNotFoundException { |
| int modeBits = ParcelFileDescriptor.parseMode(mode); |
| boolean forWrite = (modeBits & ParcelFileDescriptor.MODE_WRITE_ONLY) != 0; |
| final Uri redactedUri = opts.getParcelable(QUERY_ARG_REDACTED_URI); |
| if (forWrite) { |
| if (redactedUri != null) { |
| throw new UnsupportedOperationException( |
| "Write is not supported on " + redactedUri.toString()); |
| } |
| // Upgrade 'w' only to 'rw'. This allows us acquire a WR_LOCK when calling |
| // #shouldOpenWithFuse |
| modeBits |= ParcelFileDescriptor.MODE_READ_WRITE; |
| } |
| |
| final boolean hasOwnerPackageName = hasOwnerPackageName(uri); |
| final String[] projection = new String[] { |
| MediaColumns.DATA, |
| hasOwnerPackageName ? MediaColumns.OWNER_PACKAGE_NAME : "NULL", |
| hasOwnerPackageName ? MediaColumns.IS_PENDING : "0", |
| }; |
| |
| final File file; |
| final String ownerPackageName; |
| final boolean isPending; |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try (Cursor c = queryForSingleItem(uri, projection, null, null, signal)) { |
| final String data = c.getString(0); |
| if (TextUtils.isEmpty(data)) { |
| throw new FileNotFoundException("Missing path for " + uri); |
| } else { |
| file = new File(data).getCanonicalFile(); |
| } |
| ownerPackageName = c.getString(1); |
| isPending = c.getInt(2) != 0; |
| } catch (IOException e) { |
| throw new FileNotFoundException(e.toString()); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| |
| if (redactedUri == null) { |
| checkAccess(uri, Bundle.EMPTY, file, forWrite); |
| } else { |
| checkAccess(redactedUri, Bundle.EMPTY, file, false); |
| } |
| |
| // We don't check ownership for files with IS_PENDING set by FUSE |
| if (isPending && !isPendingFromFuse(file)) { |
| requireOwnershipForItem(ownerPackageName, uri); |
| } |
| |
| final boolean callerIsOwner = Objects.equals(getCallingPackageOrSelf(), ownerPackageName); |
| // Figure out if we need to redact contents |
| final boolean redactionNeeded = |
| (redactedUri != null) || (!callerIsOwner && isRedactionNeeded(uri)); |
| final RedactionInfo redactionInfo; |
| try { |
| redactionInfo = redactionNeeded ? getRedactionRanges(file) |
| : new RedactionInfo(new long[0], new long[0]); |
| } catch (IOException e) { |
| throw new IllegalStateException(e); |
| } |
| |
| // Yell if caller requires original, since we can't give it to them |
| // unless they have access granted above |
| if (redactionNeeded && MediaStore.getRequireOriginal(uri)) { |
| throw new UnsupportedOperationException( |
| "Caller must hold ACCESS_MEDIA_LOCATION permission to access original"); |
| } |
| |
| // Kick off metadata update when writing is finished |
| final OnCloseListener listener = (e) -> { |
| // We always update metadata to reflect the state on disk, even when |
| // the remote writer tried claiming an exception |
| invalidateThumbnails(uri); |
| |
| // Invalidate so subsequent stat(2) on the upper fs is eventually consistent |
| invalidateFuseDentry(file); |
| try { |
| switch (match) { |
| case IMAGES_THUMBNAILS_ID: |
| case VIDEO_THUMBNAILS_ID: |
| final ContentValues values = new ContentValues(); |
| updateImageMetadata(values, file); |
| update(uri, values, null, null); |
| break; |
| default: |
| scanFileAsMediaProvider(file, REASON_DEMAND); |
| break; |
| } |
| } catch (Exception e2) { |
| Log.w(TAG, "Failed to update metadata for " + uri, e2); |
| } |
| }; |
| |
| try { |
| // First, handle any redaction that is needed for caller |
| final ParcelFileDescriptor pfd; |
| final String filePath = file.getPath(); |
| final int uid = Binder.getCallingUid(); |
| final int transcodeReason = mTranscodeHelper.shouldTranscode(filePath, uid, opts); |
| final boolean shouldTranscode = transcodeReason > 0; |
| int mediaCapabilitiesUid = opts.getInt(MediaStore.EXTRA_MEDIA_CAPABILITIES_UID); |
| if (!shouldTranscode || mediaCapabilitiesUid < Process.FIRST_APPLICATION_UID) { |
| // Although 0 is a valid UID, it's not a valid app uid. |
| // So, we use it to signify that mediaCapabilitiesUid is not set. |
| mediaCapabilitiesUid = 0; |
| } |
| if (redactionInfo.redactionRanges.length > 0) { |
| // If fuse is enabled, we can provide an fd that points to the fuse |
| // file system and handle redaction in the fuse handler when the caller reads. |
| pfd = openWithFuse(filePath, uid, mediaCapabilitiesUid, modeBits, |
| true /* shouldRedact */, shouldTranscode, transcodeReason); |
| } else if (shouldTranscode) { |
| pfd = openWithFuse(filePath, uid, mediaCapabilitiesUid, modeBits, |
| false /* shouldRedact */, shouldTranscode, transcodeReason); |
| } else { |
| FuseDaemon daemon = null; |
| try { |
| daemon = getFuseDaemonForFile(file); |
| } catch (FileNotFoundException ignored) { |
| } |
| ParcelFileDescriptor lowerFsFd = FileUtils.openSafely(file, modeBits); |
| // Always acquire a readLock. This allows us make multiple opens via lower |
| // filesystem |
| boolean shouldOpenWithFuse = daemon != null |
| && daemon.shouldOpenWithFuse(filePath, true /* forRead */, |
| lowerFsFd.getFd()); |
| |
| if (shouldOpenWithFuse) { |
| // If the file is already opened on the FUSE mount with VFS caching enabled |
| // we return an upper filesystem fd (via FUSE) to avoid file corruption |
| // resulting from cache inconsistencies between the upper and lower |
| // filesystem caches |
| pfd = openWithFuse(filePath, uid, mediaCapabilitiesUid, modeBits, |
| false /* shouldRedact */, shouldTranscode, transcodeReason); |
| try { |
| lowerFsFd.close(); |
| } catch (IOException e) { |
| Log.w(TAG, "Failed to close lower filesystem fd " + file.getPath(), e); |
| } |
| } else { |
| Log.i(TAG, "Open with lower FS for " + filePath + ". Uid: " + uid); |
| if (forWrite) { |
| // When opening for write on the lower filesystem, invalidate the VFS dentry |
| // so subsequent open/getattr calls will return correctly. |
| // |
| // A 'dirty' dentry with write back cache enabled can cause the kernel to |
| // ignore file attributes or even see stale page cache data when the lower |
| // filesystem has been modified outside of the FUSE driver |
| invalidateFuseDentry(file); |
| } |
| |
| pfd = lowerFsFd; |
| } |
| } |
| |
| // Second, wrap in any listener that we've requested |
| if (!isPending && forWrite && listener != null) { |
| return ParcelFileDescriptor.wrap(pfd, BackgroundThread.getHandler(), listener); |
| } else { |
| return pfd; |
| } |
| } catch (IOException e) { |
| if (e instanceof FileNotFoundException) { |
| throw (FileNotFoundException) e; |
| } else { |
| throw new IllegalStateException(e); |
| } |
| } |
| } |
| |
| private void deleteAndInvalidate(@NonNull Path path) { |
| deleteAndInvalidate(path.toFile()); |
| } |
| |
| private void deleteAndInvalidate(@NonNull File file) { |
| file.delete(); |
| invalidateFuseDentry(file); |
| } |
| |
| private void deleteIfAllowed(Uri uri, Bundle extras, String path) { |
| try { |
| final File file = new File(path).getCanonicalFile(); |
| checkAccess(uri, extras, file, true); |
| deleteAndInvalidate(file); |
| } catch (Exception e) { |
| Log.e(TAG, "Couldn't delete " + path, e); |
| } |
| } |
| |
| @Deprecated |
| private boolean isPending(Uri uri) { |
| final int match = matchUri(uri, true); |
| switch (match) { |
| case AUDIO_MEDIA_ID: |
| case VIDEO_MEDIA_ID: |
| case IMAGES_MEDIA_ID: |
| try (Cursor c = queryForSingleItem(uri, |
| new String[] { MediaColumns.IS_PENDING }, null, null, null)) { |
| return (c.getInt(0) != 0); |
| } catch (FileNotFoundException e) { |
| throw new IllegalStateException(e); |
| } |
| default: |
| return false; |
| } |
| } |
| |
| @Deprecated |
| private boolean isRedactionNeeded(Uri uri) { |
| return mCallingIdentity.get().hasPermission(PERMISSION_IS_REDACTION_NEEDED); |
| } |
| |
| private boolean isRedactionNeeded() { |
| return mCallingIdentity.get().hasPermission(PERMISSION_IS_REDACTION_NEEDED); |
| } |
| |
| private boolean isCallingPackageRequestingLegacy() { |
| return mCallingIdentity.get().hasPermission(PERMISSION_IS_LEGACY_GRANTED); |
| } |
| |
| private boolean shouldBypassDatabase(int uid) { |
| if (uid != android.os.Process.SHELL_UID && isCallingPackageManager()) { |
| return mCallingIdentity.get().shouldBypassDatabase(false /*isSystemGallery*/); |
| } else if (isCallingPackageSystemGallery()) { |
| if (isCallingPackageLegacyWrite()) { |
| // We bypass db operations for legacy system galleries with W_E_S (see b/167307393). |
| // Tracking a longer term solution in b/168784136. |
| return true; |
| } else if (isCallingPackageRequestingLegacy()) { |
| // If requesting legacy, app should have W_E_S along with SystemGallery appops. |
| return false; |
| } else if (!SdkLevel.isAtLeastS()) { |
| // We don't parse manifest flags for SdkLevel<=R yet. Hence, we don't bypass |
| // database updates for SystemGallery targeting R or above on R OS. |
| return false; |
| } |
| return mCallingIdentity.get().shouldBypassDatabase(true /*isSystemGallery*/); |
| } |
| return false; |
| } |
| |
| private static int getFileMediaType(String path) { |
| final File file = new File(path); |
| final String mimeType = MimeUtils.resolveMimeType(file); |
| return MimeUtils.resolveMediaType(mimeType); |
| } |
| |
| private boolean canAccessMediaFile(String filePath, boolean excludeNonSystemGallery) { |
| if (excludeNonSystemGallery && !isCallingPackageSystemGallery()) { |
| return false; |
| } |
| switch (getFileMediaType(filePath)) { |
| case FileColumns.MEDIA_TYPE_IMAGE: |
| return mCallingIdentity.get().hasPermission(PERMISSION_WRITE_IMAGES); |
| case FileColumns.MEDIA_TYPE_VIDEO: |
| return mCallingIdentity.get().hasPermission(PERMISSION_WRITE_VIDEO); |
| default: |
| return false; |
| } |
| } |
| |
| /** |
| * Returns true if: |
| * <ul> |
| * <li>the calling identity is an app targeting Q or older versions AND is requesting legacy |
| * storage |
| * <li>the calling identity holds {@code MANAGE_EXTERNAL_STORAGE} |
| * <li>the calling identity owns or has access to the filePath (eg /Android/data/com.foo) |
| * <li>the calling identity has permission to write images and the given file is an image file |
| * <li>the calling identity has permission to write video and the given file is an video file |
| * </ul> |
| */ |
| private boolean shouldBypassFuseRestrictions(boolean forWrite, String filePath) { |
| boolean isRequestingLegacyStorage = forWrite ? isCallingPackageLegacyWrite() |
| : isCallingPackageLegacyRead(); |
| if (isRequestingLegacyStorage) { |
| return true; |
| } |
| |
| if (isCallingPackageManager()) { |
| return true; |
| } |
| |
| // Check if the caller has access to private app directories. |
| if (isUidAllowedAccessToDataOrObbPathForFuse(mCallingIdentity.get().uid, filePath)) { |
| return true; |
| } |
| |
| // Apps with write access to images and/or videos can bypass our restrictions if all of the |
| // the files they're accessing are of the compatible media type. |
| if (canAccessMediaFile(filePath, /*excludeNonSystemGallery*/ false)) { |
| return true; |
| } |
| |
| return false; |
| } |
| |
| /** |
| * Returns true if the passed in path is an application-private data directory |
| * (such as Android/data/com.foo or Android/obb/com.foo) that does not belong to the caller and |
| * the caller does not have special access. |
| */ |
| private boolean isPrivatePackagePathNotAccessibleByCaller(String path) { |
| // Files under the apps own private directory |
| final String appSpecificDir = extractPathOwnerPackageName(path); |
| |
| if (appSpecificDir == null) { |
| return false; |
| } |
| |
| // Android/media is not considered private, because it contains media that is explicitly |
| // scanned and shared by other apps |
| if (isExternalMediaDirectory(path)) { |
| return false; |
| } |
| return !isUidAllowedAccessToDataOrObbPathForFuse(mCallingIdentity.get().uid, path); |
| } |
| |
| private boolean shouldBypassDatabaseAndSetDirtyForFuse(int uid, String path) { |
| if (shouldBypassDatabase(uid)) { |
| synchronized (mNonHiddenPaths) { |
| File file = new File(path); |
| String key = file.getParent(); |
| boolean maybeHidden = !mNonHiddenPaths.containsKey(key); |
| |
| if (maybeHidden) { |
| File topNoMediaDir = FileUtils.getTopLevelNoMedia(new File(path)); |
| if (topNoMediaDir == null) { |
| mNonHiddenPaths.put(key, 0); |
| } else { |
| mMediaScanner.onDirectoryDirty(topNoMediaDir); |
| } |
| } |
| } |
| return true; |
| } |
| return false; |
| } |
| |
| /** |
| * Set of Exif tags that should be considered for redaction. |
| */ |
| private static final String[] REDACTED_EXIF_TAGS = new String[] { |
| ExifInterface.TAG_GPS_ALTITUDE, |
| ExifInterface.TAG_GPS_ALTITUDE_REF, |
| ExifInterface.TAG_GPS_AREA_INFORMATION, |
| ExifInterface.TAG_GPS_DOP, |
| ExifInterface.TAG_GPS_DATESTAMP, |
| ExifInterface.TAG_GPS_DEST_BEARING, |
| ExifInterface.TAG_GPS_DEST_BEARING_REF, |
| ExifInterface.TAG_GPS_DEST_DISTANCE, |
| ExifInterface.TAG_GPS_DEST_DISTANCE_REF, |
| ExifInterface.TAG_GPS_DEST_LATITUDE, |
| ExifInterface.TAG_GPS_DEST_LATITUDE_REF, |
| ExifInterface.TAG_GPS_DEST_LONGITUDE, |
| ExifInterface.TAG_GPS_DEST_LONGITUDE_REF, |
| ExifInterface.TAG_GPS_DIFFERENTIAL, |
| ExifInterface.TAG_GPS_IMG_DIRECTION, |
| ExifInterface.TAG_GPS_IMG_DIRECTION_REF, |
| ExifInterface.TAG_GPS_LATITUDE, |
| ExifInterface.TAG_GPS_LATITUDE_REF, |
| ExifInterface.TAG_GPS_LONGITUDE, |
| ExifInterface.TAG_GPS_LONGITUDE_REF, |
| ExifInterface.TAG_GPS_MAP_DATUM, |
| ExifInterface.TAG_GPS_MEASURE_MODE, |
| ExifInterface.TAG_GPS_PROCESSING_METHOD, |
| ExifInterface.TAG_GPS_SATELLITES, |
| ExifInterface.TAG_GPS_SPEED, |
| ExifInterface.TAG_GPS_SPEED_REF, |
| ExifInterface.TAG_GPS_STATUS, |
| ExifInterface.TAG_GPS_TIMESTAMP, |
| ExifInterface.TAG_GPS_TRACK, |
| ExifInterface.TAG_GPS_TRACK_REF, |
| ExifInterface.TAG_GPS_VERSION_ID, |
| }; |
| |
| /** |
| * Set of ISO boxes that should be considered for redaction. |
| */ |
| private static final int[] REDACTED_ISO_BOXES = new int[] { |
| IsoInterface.BOX_LOCI, |
| IsoInterface.BOX_XYZ, |
| IsoInterface.BOX_GPS, |
| IsoInterface.BOX_GPS0, |
| }; |
| |
| public static final Set<String> sRedactedExifTags = new ArraySet<>( |
| Arrays.asList(REDACTED_EXIF_TAGS)); |
| |
| private static final class RedactionInfo { |
| public final long[] redactionRanges; |
| public final long[] freeOffsets; |
| |
| public RedactionInfo() { |
| this.redactionRanges = new long[0]; |
| this.freeOffsets = new long[0]; |
| } |
| |
| public RedactionInfo(long[] redactionRanges, long[] freeOffsets) { |
| this.redactionRanges = redactionRanges; |
| this.freeOffsets = freeOffsets; |
| } |
| } |
| |
| private static class LRUCache<K, V> extends LinkedHashMap<K, V> { |
| private final int mMaxSize; |
| |
| public LRUCache(int maxSize) { |
| this.mMaxSize = maxSize; |
| } |
| |
| @Override |
| protected boolean removeEldestEntry(Map.Entry<K, V> eldest) { |
| return size() > mMaxSize; |
| } |
| } |
| |
| private static final class PendingOpenInfo { |
| public final int uid; |
| public final int mediaCapabilitiesUid; |
| public final boolean shouldRedact; |
| public final int transcodeReason; |
| |
| public PendingOpenInfo(int uid, int mediaCapabilitiesUid, boolean shouldRedact, |
| int transcodeReason) { |
| this.uid = uid; |
| this.mediaCapabilitiesUid = mediaCapabilitiesUid; |
| this.shouldRedact = shouldRedact; |
| this.transcodeReason = transcodeReason; |
| } |
| } |
| |
| /** |
| * Calculates the ranges that need to be redacted for the given file and user that wants to |
| * access the file. |
| * Note: This method assumes that the caller of this function has already done permission checks |
| * for the uid to access this path. |
| * |
| * @param uid UID of the package wanting to access the file |
| * @param path File path |
| * @param tid thread id making IO on the FUSE filesystem |
| * @return Ranges that should be redacted. |
| * |
| * @throws IOException if an error occurs while calculating the redaction ranges |
| */ |
| @NonNull |
| private long[] getRedactionRangesForFuse(String path, String ioPath, int original_uid, int uid, |
| int tid, boolean forceRedaction) throws IOException { |
| // |ioPath| might refer to a transcoded file path (which is not indexed in the db) |
| // |path| will always refer to a valid _data column |
| // We use |ioPath| for the filesystem access because in the case of transcoding, |
| // we want to get redaction ranges from the transcoded file and *not* the original file |
| final File file = new File(ioPath); |
| |
| if (forceRedaction) { |
| return getRedactionRanges(file).redactionRanges; |
| } |
| |
| // When calculating redaction ranges initiated from MediaProvider, the redaction policy |
| // is slightly different from the FUSE initiated opens redaction policy. targetSdk=29 from |
| // MediaProvider requires redaction, but targetSdk=29 apps from FUSE don't require redaction |
| // Hence, we check the mPendingOpenInfo object (populated when opens are initiated from |
| // MediaProvider) if there's a pending open from MediaProvider with matching tid and uid and |
| // use the shouldRedact decision there if there's one. |
| synchronized (mPendingOpenInfo) { |
| PendingOpenInfo info = mPendingOpenInfo.get(tid); |
| if (info != null && info.uid == original_uid) { |
| boolean shouldRedact = info.shouldRedact; |
| if (shouldRedact) { |
| return getRedactionRanges(file).redactionRanges; |
| } else { |
| return new long[0]; |
| } |
| } |
| } |
| |
| final LocalCallingIdentity token = |
| clearLocalCallingIdentity(getCachedCallingIdentityForFuse(uid)); |
| try { |
| if (!isRedactionNeeded() |
| || shouldBypassFuseRestrictions(/*forWrite*/ false, path)) { |
| return new long[0]; |
| } |
| |
| final Uri contentUri = FileUtils.getContentUriForPath(path); |
| final String[] projection = new String[]{ |
| MediaColumns.OWNER_PACKAGE_NAME, MediaColumns._ID , FileColumns.MEDIA_TYPE}; |
| final String selection = MediaColumns.DATA + "=?"; |
| final String[] selectionArgs = new String[]{path}; |
| final String ownerPackageName; |
| final int id; |
| final int mediaType; |
| // Query as MediaProvider as non-RES apps will result in FileNotFoundException. |
| // Note: The caller uid already has passed permission checks to access this file. |
| try (final Cursor c = queryForSingleItemAsMediaProvider(contentUri, projection, |
| selection, selectionArgs, null)) { |
| c.moveToFirst(); |
| ownerPackageName = c.getString(0); |
| id = c.getInt(1); |
| mediaType = c.getInt(2); |
| } catch (FileNotFoundException e) { |
| // Ideally, this shouldn't happen unless the file was deleted after we checked its |
| // existence and before we get to the redaction logic here. In this case we throw |
| // and fail the operation and FuseDaemon should handle this and fail the whole open |
| // operation gracefully. |
| throw new FileNotFoundException( |
| path + " not found while calculating redaction ranges: " + e.getMessage()); |
| } |
| |
| final boolean callerIsOwner = Objects.equals(getCallingPackageOrSelf(), |
| ownerPackageName); |
| |
| // Do not redact if the caller is the owner |
| if (callerIsOwner) { |
| return new long[0]; |
| } |
| |
| // Do not redact if the caller has write uri permission granted on the file. |
| final Uri fileUri = ContentUris.withAppendedId(contentUri, id); |
| boolean callerHasWriteUriPermission = getContext().checkUriPermission( |
| fileUri, mCallingIdentity.get().pid, mCallingIdentity.get().uid, |
| Intent.FLAG_GRANT_WRITE_URI_PERMISSION) == PERMISSION_GRANTED; |
| if (callerHasWriteUriPermission) { |
| return new long[0]; |
| } |
| // Check if the caller has write access to other uri formats for the same file. |
| callerHasWriteUriPermission = getOtherUriGrantsForPath(path, mediaType, |
| Long.toString(id), /* forWrite */ true) != null; |
| if (callerHasWriteUriPermission) { |
| return new long[0]; |
| } |
| |
| return getRedactionRanges(file).redactionRanges; |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| |
| /** |
| * Calculates the ranges containing sensitive metadata that should be redacted if the caller |
| * doesn't have the required permissions. |
| * |
| * @param file file to be redacted |
| * @return the ranges to be redacted in a RedactionInfo object, could be empty redaction ranges |
| * if there's sensitive metadata |
| * @throws IOException if an IOException happens while calculating the redaction ranges |
| */ |
| @VisibleForTesting |
| public static RedactionInfo getRedactionRanges(File file) throws IOException { |
| try (FileInputStream is = new FileInputStream(file)) { |
| return getRedactionRanges(is, MimeUtils.resolveMimeType(file)); |
| } catch (FileNotFoundException ignored) { |
| // If file not found, then there's nothing to redact |
| return new RedactionInfo(); |
| } catch (IOException e) { |
| throw new IOException("Failed to redact " + file, e); |
| } |
| } |
| |
| /** |
| * Calculates the ranges containing sensitive metadata that should be redacted if the caller |
| * doesn't have the required permissions. |
| * |
| * @param fis {@link FileInputStream} to be redacted |
| * @return the ranges to be redacted in a RedactionInfo object, could be empty redaction ranges |
| * if there's sensitive metadata |
| * @throws IOException if an IOException happens while calculating the redaction ranges |
| */ |
| @VisibleForTesting |
| public static RedactionInfo getRedactionRanges(FileInputStream fis, String mimeType) |
| throws IOException { |
| final LongArray res = new LongArray(); |
| final LongArray freeOffsets = new LongArray(); |
| |
| Trace.beginSection("getRedactionRanges"); |
| try { |
| if (ExifInterface.isSupportedMimeType(mimeType)) { |
| final ExifInterface exif = new ExifInterface(fis.getFD()); |
| for (String tag : REDACTED_EXIF_TAGS) { |
| final long[] range = exif.getAttributeRange(tag); |
| if (range != null) { |
| res.add(range[0]); |
| res.add(range[0] + range[1]); |
| } |
| } |
| // Redact xmp where present |
| final XmpInterface exifXmp = XmpInterface.fromContainer(exif); |
| res.addAll(exifXmp.getRedactionRanges()); |
| } |
| |
| if (IsoInterface.isSupportedMimeType(mimeType)) { |
| final IsoInterface iso = IsoInterface.fromFileDescriptor(fis.getFD()); |
| for (int box : REDACTED_ISO_BOXES) { |
| final long[] ranges = iso.getBoxRanges(box); |
| for (int i = 0; i < ranges.length; i += 2) { |
| long boxTypeOffset = ranges[i] - 4; |
| freeOffsets.add(boxTypeOffset); |
| res.add(boxTypeOffset); |
| res.add(ranges[i + 1]); |
| } |
| } |
| // Redact xmp where present |
| final XmpInterface isoXmp = XmpInterface.fromContainer(iso); |
| res.addAll(isoXmp.getRedactionRanges()); |
| } |
| |
| return new RedactionInfo(res.toArray(), freeOffsets.toArray()); |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| /** |
| * @return {@code true} if {@code file} is pending from FUSE, {@code false} otherwise. |
| * Files pending from FUSE will not have pending file pattern. |
| */ |
| private static boolean isPendingFromFuse(@NonNull File file) { |
| final Matcher matcher = |
| FileUtils.PATTERN_EXPIRES_FILE.matcher(extractDisplayName(file.getName())); |
| return !matcher.matches(); |
| } |
| |
| private FileAccessAttributes queryForFileAttributes(final String path) |
| throws FileNotFoundException { |
| Trace.beginSection("queryFileAttr"); |
| final Uri contentUri = FileUtils.getContentUriForPath(path); |
| final String[] projection = new String[]{ |
| MediaColumns._ID, |
| MediaColumns.OWNER_PACKAGE_NAME, |
| MediaColumns.IS_PENDING, |
| FileColumns.MEDIA_TYPE, |
| MediaColumns.IS_TRASHED |
| }; |
| final String selection = MediaColumns.DATA + "=?"; |
| final String[] selectionArgs = new String[]{path}; |
| FileAccessAttributes fileAccessAttributes; |
| try (final Cursor c = queryForSingleItemAsMediaProvider(contentUri, projection, |
| selection, |
| selectionArgs, null)) { |
| fileAccessAttributes = FileAccessAttributes.fromCursor(c); |
| } |
| Trace.endSection(); |
| return fileAccessAttributes; |
| } |
| |
| private void checkIfFileOpenIsPermitted(String path, |
| FileAccessAttributes fileAccessAttributes, String redactedUriId, |
| boolean forWrite) throws FileNotFoundException { |
| final File file = new File(path); |
| Uri fileUri = MediaStore.Files.getContentUri(extractVolumeName(path), |
| fileAccessAttributes.getId()); |
| // We don't check ownership for files with IS_PENDING set by FUSE |
| // Please note that even if ownerPackageName is null, the check below will throw an |
| // IllegalStateException |
| if (fileAccessAttributes.isTrashed() || (fileAccessAttributes.isPending() |
| && !isPendingFromFuse(new File(path)))) { |
| requireOwnershipForItem(fileAccessAttributes.getOwnerPackageName(), fileUri); |
| } |
| |
| // Check that path looks consistent before uri checks |
| if (!FileUtils.contains(Environment.getStorageDirectory(), file)) { |
| checkWorldReadAccess(file.getAbsolutePath()); |
| } |
| |
| try { |
| // checkAccess throws FileNotFoundException only from checkWorldReadAccess(), |
| // which we already check above. Hence, handling only SecurityException. |
| if (redactedUriId != null) { |
| fileUri = ContentUris.removeId(fileUri).buildUpon().appendPath( |
| redactedUriId).build(); |
| } |
| checkAccess(fileUri, Bundle.EMPTY, file, forWrite); |
| } catch (SecurityException e) { |
| // Check for other Uri formats only when the single uri check flow fails. |
| // Throw the previous exception if the multi-uri checks failed. |
| final String uriId = redactedUriId == null |
| ? Long.toString(fileAccessAttributes.getId()) : redactedUriId; |
| if (getOtherUriGrantsForPath(path, fileAccessAttributes.getMediaType(), |
| uriId, forWrite) == null) { |
| throw e; |
| } |
| } |
| } |
| |
| |
| /** |
| * Checks if the app identified by the given UID is allowed to open the given file for the given |
| * access mode. |
| * |
| * @param path the path of the file to be opened |
| * @param uid UID of the app requesting to open the file |
| * @param forWrite specifies if the file is to be opened for write |
| * @return {@link FileOpenResult} with {@code status} {@code 0} upon success and |
| * {@link FileOpenResult} with {@code status} {@link OsConstants#EACCES} if the operation is |
| * illegal or not permitted for the given {@code uid} or if the calling package is a legacy app |
| * that doesn't have right storage permission. |
| * |
| * Called from JNI in jni/MediaProviderWrapper.cpp |
| */ |
| @Keep |
| public FileOpenResult onFileOpenForFuse(String path, String ioPath, int uid, int tid, |
| int transformsReason, boolean forWrite, boolean redact, boolean logTransformsMetrics) { |
| final LocalCallingIdentity token = |
| clearLocalCallingIdentity(getCachedCallingIdentityForFuse(uid)); |
| |
| PulledMetrics.logFileAccessViaFuse(getCallingUidOrSelf(), path); |
| |
| boolean isSuccess = false; |
| |
| final int originalUid = getBinderUidForFuse(uid, tid); |
| final int callingUserId = uidToUserId(uid); |
| int mediaCapabilitiesUid = 0; |
| final PendingOpenInfo pendingOpenInfo; |
| synchronized (mPendingOpenInfo) { |
| pendingOpenInfo = mPendingOpenInfo.get(tid); |
| } |
| |
| if (pendingOpenInfo != null && pendingOpenInfo.uid == originalUid) { |
| mediaCapabilitiesUid = pendingOpenInfo.mediaCapabilitiesUid; |
| } |
| |
| try { |
| boolean forceRedaction = false; |
| String redactedUriId = null; |
| if (isSyntheticPath(path, callingUserId)) { |
| if (forWrite) { |
| // Synthetic URIs are not allowed to update EXIF headers. |
| return new FileOpenResult(OsConstants.EACCES /* status */, originalUid, |
| mediaCapabilitiesUid, new long[0]); |
| } |
| |
| if (isRedactedPath(path, callingUserId)) { |
| redactedUriId = extractFileName(path); |
| |
| // If path is redacted Uris' path, ioPath must be the real path, ioPath must |
| // haven been updated to the real path during onFileLookupForFuse. |
| path = ioPath; |
| |
| // Irrespective of the permissions we want to redact in this case. |
| redact = true; |
| forceRedaction = true; |
| } else if (isPickerPath(path, callingUserId)) { |
| return handlePickerFileOpen(path, originalUid); |
| } else { |
| // we don't support any other transformations under .transforms/synthetic dir |
| return new FileOpenResult(OsConstants.ENOENT /* status */, originalUid, |
| mediaCapabilitiesUid, new long[0]); |
| } |
| } |
| |
| if (isPrivatePackagePathNotAccessibleByCaller(path)) { |
| Log.e(TAG, "Can't open a file in another app's external directory!"); |
| return new FileOpenResult(OsConstants.ENOENT, originalUid, mediaCapabilitiesUid, |
| new long[0]); |
| } |
| |
| if (shouldBypassFuseRestrictions(forWrite, path)) { |
| isSuccess = true; |
| return new FileOpenResult(0 /* status */, originalUid, mediaCapabilitiesUid, |
| redact ? getRedactionRangesForFuse(path, ioPath, originalUid, uid, tid, |
| forceRedaction) : new long[0]); |
| } |
| // Legacy apps that made is this far don't have the right storage permission and hence |
| // are not allowed to access anything other than their external app directory |
| if (isCallingPackageRequestingLegacy()) { |
| return new FileOpenResult(OsConstants.EACCES /* status */, originalUid, |
| mediaCapabilitiesUid, new long[0]); |
| } |
| // TODO: Fetch owner id from Android/media directory and check if caller is owner |
| FileAccessAttributes fileAttributes = null; |
| if (XAttrUtils.ENABLE_XATTR_METADATA_FOR_FUSE) { |
| Optional<FileAccessAttributes> fileAttributesThroughXattr = |
| XAttrUtils.getFileAttributesFromXAttr(path, |
| XAttrUtils.FILE_ACCESS_XATTR_KEY); |
| if (fileAttributesThroughXattr.isPresent()) { |
| fileAttributes = fileAttributesThroughXattr.get(); |
| } |
| } |
| |
| // FileAttributes will be null if the xattr call failed or the flag to enable xattr |
| // metadata support is not set |
| if (fileAttributes == null) { |
| fileAttributes = queryForFileAttributes(path); |
| } |
| checkIfFileOpenIsPermitted(path, fileAttributes, redactedUriId, forWrite); |
| isSuccess = true; |
| return new FileOpenResult(0 /* status */, originalUid, mediaCapabilitiesUid, |
| redact ? getRedactionRangesForFuse(path, ioPath, originalUid, uid, tid, |
| forceRedaction) : new long[0]); |
| } catch (IOException e) { |
| // We are here because |
| // * There is no db row corresponding to the requested path, which is more unlikely. |
| // * getRedactionRangesForFuse couldn't fetch the redaction info correctly |
| // In all of these cases, it means that app doesn't have access permission to the file. |
| Log.e(TAG, "Couldn't find file: " + path, e); |
| return new FileOpenResult(OsConstants.EACCES /* status */, originalUid, |
| mediaCapabilitiesUid, new long[0]); |
| } catch (IllegalStateException | SecurityException e) { |
| Log.e(TAG, "Permission to access file: " + path + " is denied"); |
| return new FileOpenResult(OsConstants.EACCES /* status */, originalUid, |
| mediaCapabilitiesUid, new long[0]); |
| } finally { |
| if (isSuccess && logTransformsMetrics) { |
| notifyTranscodeHelperOnFileOpen(path, ioPath, originalUid, transformsReason); |
| } |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| |
| private @Nullable Uri getOtherUriGrantsForPath(String path, boolean forWrite) { |
| final Uri contentUri = FileUtils.getContentUriForPath(path); |
| final String[] projection = new String[]{ |
| MediaColumns._ID, |
| FileColumns.MEDIA_TYPE}; |
| final String selection = MediaColumns.DATA + "=?"; |
| final String[] selectionArgs = new String[]{path}; |
| final String id; |
| final int mediaType; |
| try (final Cursor c = queryForSingleItemAsMediaProvider(contentUri, projection, selection, |
| selectionArgs, null)) { |
| id = c.getString(0); |
| mediaType = c.getInt(1); |
| return getOtherUriGrantsForPath(path, mediaType, id, forWrite); |
| } catch (FileNotFoundException ignored) { |
| } |
| return null; |
| } |
| |
| @Nullable |
| private Uri getOtherUriGrantsForPath(String path, int mediaType, String id, boolean forWrite) { |
| List<Uri> otherUris = new ArrayList<Uri>(); |
| final Uri mediaUri = getMediaUriForFuse(extractVolumeName(path), mediaType, id); |
| otherUris.add(mediaUri); |
| final Uri externalMediaUri = getMediaUriForFuse(MediaStore.VOLUME_EXTERNAL, mediaType, id); |
| otherUris.add(externalMediaUri); |
| return getPermissionGrantedUri(otherUris, forWrite); |
| } |
| |
| @NonNull |
| private Uri getMediaUriForFuse(@NonNull String volumeName, int mediaType, String id) { |
| Uri uri = MediaStore.Files.getContentUri(volumeName); |
| switch (mediaType) { |
| case FileColumns.MEDIA_TYPE_IMAGE: |
| uri = MediaStore.Images.Media.getContentUri(volumeName); |
| break; |
| case FileColumns.MEDIA_TYPE_VIDEO: |
| uri = MediaStore.Video.Media.getContentUri(volumeName); |
| break; |
| case FileColumns.MEDIA_TYPE_AUDIO: |
| uri = MediaStore.Audio.Media.getContentUri(volumeName); |
| break; |
| case FileColumns.MEDIA_TYPE_PLAYLIST: |
| uri = MediaStore.Audio.Playlists.getContentUri(volumeName); |
| break; |
| } |
| |
| return uri.buildUpon().appendPath(id).build(); |
| } |
| |
| /** |
| * Returns {@code true} if {@link #mCallingIdentity#getSharedPackages(String)} contains the |
| * given package name, {@code false} otherwise. |
| * <p> Assumes that {@code mCallingIdentity} has been properly set to reflect the calling |
| * package. |
| */ |
| private boolean isCallingIdentitySharedPackageName(@NonNull String packageName) { |
| for (String sharedPkgName : mCallingIdentity.get().getSharedPackageNames()) { |
| if (packageName.toLowerCase(Locale.ROOT) |
| .equals(sharedPkgName.toLowerCase(Locale.ROOT))) { |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| /** |
| * @throws IllegalStateException if path is invalid or doesn't match a volume. |
| */ |
| @NonNull |
| private Uri getContentUriForFile(@NonNull String filePath, @NonNull String mimeType) { |
| final String volName; |
| try { |
| volName = FileUtils.getVolumeName(getContext(), new File(filePath)); |
| } catch (FileNotFoundException e) { |
| throw new IllegalStateException("Couldn't get volume name for " + filePath); |
| } |
| Uri uri = Files.getContentUri(volName); |
| String topLevelDir = extractTopLevelDir(filePath); |
| if (topLevelDir == null) { |
| // If the file path doesn't match the external storage directory, we use the files URI |
| // as default and let #insert enforce the restrictions |
| return uri; |
| } |
| topLevelDir = topLevelDir.toLowerCase(Locale.ROOT); |
| |
| switch (topLevelDir) { |
| case DIRECTORY_PODCASTS_LOWER_CASE: |
| case DIRECTORY_RINGTONES_LOWER_CASE: |
| case DIRECTORY_ALARMS_LOWER_CASE: |
| case DIRECTORY_NOTIFICATIONS_LOWER_CASE: |
| case DIRECTORY_AUDIOBOOKS_LOWER_CASE: |
| case DIRECTORY_RECORDINGS_LOWER_CASE: |
| uri = Audio.Media.getContentUri(volName); |
| break; |
| case DIRECTORY_MUSIC_LOWER_CASE: |
| if (MimeUtils.isPlaylistMimeType(mimeType)) { |
| uri = Audio.Playlists.getContentUri(volName); |
| } else if (!MimeUtils.isSubtitleMimeType(mimeType)) { |
| // Send Files uri for media type subtitle |
| uri = Audio.Media.getContentUri(volName); |
| } |
| break; |
| case DIRECTORY_MOVIES_LOWER_CASE: |
| if (MimeUtils.isPlaylistMimeType(mimeType)) { |
| uri = Audio.Playlists.getContentUri(volName); |
| } else if (!MimeUtils.isSubtitleMimeType(mimeType)) { |
| // Send Files uri for media type subtitle |
| uri = Video.Media.getContentUri(volName); |
| } |
| break; |
| case DIRECTORY_DCIM_LOWER_CASE: |
| case DIRECTORY_PICTURES_LOWER_CASE: |
| if (MimeUtils.isImageMimeType(mimeType)) { |
| uri = Images.Media.getContentUri(volName); |
| } else { |
| uri = Video.Media.getContentUri(volName); |
| } |
| break; |
| case DIRECTORY_DOWNLOADS_LOWER_CASE: |
| case DIRECTORY_DOCUMENTS_LOWER_CASE: |
| break; |
| default: |
| Log.w(TAG, "Forgot to handle a top level directory in getContentUriForFile?"); |
| } |
| return uri; |
| } |
| |
| private boolean containsIgnoreCase(@Nullable List<String> stringsList, @Nullable String item) { |
| if (item == null || stringsList == null) return false; |
| |
| for (String current : stringsList) { |
| if (item.equalsIgnoreCase(current)) return true; |
| } |
| return false; |
| } |
| |
| private boolean fileExists(@NonNull String absolutePath) { |
| // We don't care about specific columns in the match, |
| // we just want to check IF there's a match |
| final String[] projection = {}; |
| final String selection = FileColumns.DATA + " = ?"; |
| final String[] selectionArgs = {absolutePath}; |
| final Uri uri = FileUtils.getContentUriForPath(absolutePath); |
| |
| final LocalCallingIdentity token = clearLocalCallingIdentity(); |
| try { |
| try (final Cursor c = query(uri, projection, selection, selectionArgs, null)) { |
| // Shouldn't return null |
| return c.getCount() > 0; |
| } |
| } finally { |
| clearLocalCallingIdentity(token); |
| } |
| } |
| |
| private Uri insertFileForFuse(@NonNull String path, @NonNull Uri uri, @NonNull String mimeType, |
| boolean useData) { |
| ContentValues values = new ContentValues(); |
| values.put(FileColumns.OWNER_PACKAGE_NAME, getCallingPackageOrSelf()); |
| values.put(MediaColumns.MIME_TYPE, mimeType); |
| values.put(FileColumns.IS_PENDING, 1); |
| |
| if (useData) { |
| values.put(FileColumns.DATA, path); |
| } else { |
| values.put(FileColumns.VOLUME_NAME, extractVolumeName(path)); |
| values.put(FileColumns.RELATIVE_PATH, extractRelativePath(path)); |
| values.put(FileColumns.DISPLAY_NAME, extractDisplayName(path)); |
| } |
| return insert(uri, values, Bundle.EMPTY); |
| } |
| |
| /** |
| * Enforces file creation restrictions (see return values) for the given file on behalf of the |
| * app with the given {@code uid}. If the file is added to the shared storage, creates a |
| * database entry for it. |
| * <p> Does NOT create file. |
| * |
| * @param path the path of the file |
| * @param uid UID of the app requesting to create the file |
| * @return In case of success, 0. If the operation is illegal or not permitted, returns the |
| * appropriate {@code errno} value: |
| * <ul> |
| * <li>{@link OsConstants#ENOENT} if the app tries to create file in other app's external dir |
| * <li>{@link OsConstants#EEXIST} if the file already exists |
| * <li>{@link OsConstants#EPERM} if the file type doesn't match the relative path, or if the |
| * calling package is a legacy app that doesn't have WRITE_EXTERNAL_STORAGE permission. |
| * <li>{@link OsConstants#EIO} in case of any other I/O exception |
| * </ul> |
| * |
| * @throws IllegalStateException if given path is invalid. |
| * |
| * Called from JNI in jni/MediaProviderWrapper.cpp |
| */ |
| @Keep |
| public int insertFileIfNecessaryForFuse(@NonNull String path, int uid) { |
| final LocalCallingIdentity token = |
| clearLocalCallingIdentity(getCachedCallingIdentityForFuse(uid)); |
| PulledMetrics.logFileAccessViaFuse(getCallingUidOrSelf(), path); |
| |
| try { |
| if (isPrivatePackagePathNotAccessibleByCaller(path)) { |
| Log.e(TAG, "Can't create a file in another app's external directory"); |
| return OsConstants.ENOENT; |
| } |
| |
| if (!path.equals(getAbsoluteSanitizedPath(path))) { |
| Log.e(TAG, "File name contains invalid characters"); |
| return OsConstants.EPERM; |
| } |
| |
| if (shouldBypassDatabaseAndSetDirtyForFuse(uid, path)) { |
| if (path.endsWith("/.nomedia")) { |
| File parent = new File(path).getParentFile(); |
| synchronized (mNonHiddenPaths) { |
| mNonHiddenPaths.keySet().removeIf( |
| k -> FileUtils.contains(parent, new File(k))); |
| } |
| } |
| return 0; |
| } |
| |
| final String mimeType = MimeUtils.resolveMimeType(new File(path)); |
| |
| if (shouldBypassFuseRestrictions(/*forWrite*/ true, path)) { |
| final boolean callerRequestingLegacy = isCallingPackageRequestingLegacy(); |
| if (!fileExists(path)) { |
| // If app has already inserted the db row, inserting the row again might set |
| // IS_PENDING=1. We shouldn't overwrite existing entry as part of FUSE |
| // operation, hence, insert the db row only when it doesn't exist. |
| try { |
| insertFileForFuse(path, FileUtils.getContentUriForPath(path), |
| mimeType, /*useData*/ callerRequestingLegacy); |
| } catch (Exception ignored) { |
| } |
| } else { |
| // Upon creating a file via FUSE, if a row matching the path already exists |
| // but a file doesn't exist on the filesystem, we transfer ownership to the |
| // app attempting to create the file. If we don't update ownership, then the |
| // app that inserted the original row may be able to observe the contents of |
| // written file even though they don't hold the right permissions to do so. |
| if (callerRequestingLegacy) { |
| final String owner = getCallingPackageOrSelf(); |
| if (owner != null && !updateOwnerForPath(path, owner)) { |
| return OsConstants.EPERM; |
| } |
| } |
| } |
| |
| return 0; |
| } |
| |
| // Legacy apps that made is this far don't have the right storage permission and hence |
| // are not allowed to access anything other than their external app directory |
| if (isCallingPackageRequestingLegacy()) { |
| return OsConstants.EPERM; |
| } |
| |
| if (fileExists(path)) { |
| // If the file already exists in the db, we shouldn't allow the file creation. |
| return OsConstants.EEXIST; |
| } |
| |
| final Uri contentUri = getContentUriForFile(path, mimeType); |
| final Uri item = insertFileForFuse(path, contentUri, mimeType, /*useData*/ false); |
| if (item == null) { |
| return OsConstants.EPERM; |
| } |
| return 0; |
| } catch (IllegalArgumentException e) { |
| Log.e(TAG, "insertFileIfNecessary failed", e); |
| return OsConstants.EPERM; |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| |
| private boolean updateOwnerForPath(@NonNull String path, @NonNull String newOwner) { |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(FileUtils.getContentUriForPath(path)); |
| } catch (VolumeNotFoundException e) { |
| // Cannot happen, as this is a path that we already resolved. |
| throw new AssertionError("Path must already be resolved", e); |
| } |
| |
| ContentValues values = new ContentValues(1); |
| values.put(FileColumns.OWNER_PACKAGE_NAME, newOwner); |
| |
| return helper.runWithoutTransaction((db) -> { |
| return db.update("files", values, "_data=?", new String[] { path }); |
| }) == 1; |
| } |
| |
| private static int deleteFileUnchecked(@NonNull String path) { |
| final File toDelete = new File(path); |
| if (toDelete.delete()) { |
| return 0; |
| } else { |
| return OsConstants.ENOENT; |
| } |
| } |
| |
| /** |
| * Deletes file with the given {@code path} on behalf of the app with the given {@code uid}. |
| * <p>Before deleting, checks if app has permissions to delete this file. |
| * |
| * @param path the path of the file |
| * @param uid UID of the app requesting to delete the file |
| * @return 0 upon success. |
| * In case of error, return the appropriate negated {@code errno} value: |
| * <ul> |
| * <li>{@link OsConstants#ENOENT} if the file does not exist or if the app tries to delete file |
| * in another app's external dir |
| * <li>{@link OsConstants#EPERM} a security exception was thrown by {@link #delete}, or if the |
| * calling package is a legacy app that doesn't have WRITE_EXTERNAL_STORAGE permission. |
| * </ul> |
| * |
| * Called from JNI in jni/MediaProviderWrapper.cpp |
| */ |
| @Keep |
| public int deleteFileForFuse(@NonNull String path, int uid) throws IOException { |
| final LocalCallingIdentity token = |
| clearLocalCallingIdentity(getCachedCallingIdentityForFuse(uid)); |
| PulledMetrics.logFileAccessViaFuse(getCallingUidOrSelf(), path); |
| |
| try { |
| if (isPrivatePackagePathNotAccessibleByCaller(path)) { |
| Log.e(TAG, "Can't delete a file in another app's external directory!"); |
| return OsConstants.ENOENT; |
| } |
| |
| if (shouldBypassDatabaseAndSetDirtyForFuse(uid, path)) { |
| return deleteFileUnchecked(path); |
| } |
| |
| final boolean shouldBypass = shouldBypassFuseRestrictions(/*forWrite*/ true, path); |
| |
| // Legacy apps that made is this far don't have the right storage permission and hence |
| // are not allowed to access anything other than their external app directory |
| if (!shouldBypass && isCallingPackageRequestingLegacy()) { |
| return OsConstants.EPERM; |
| } |
| |
| final Uri contentUri = FileUtils.getContentUriForPath(path); |
| final String where = FileColumns.DATA + " = ?"; |
| final String[] whereArgs = {path}; |
| |
| if (delete(contentUri, where, whereArgs) == 0) { |
| if (shouldBypass) { |
| return deleteFileUnchecked(path); |
| } |
| return OsConstants.ENOENT; |
| } else { |
| // success - 1 file was deleted |
| return 0; |
| } |
| |
| } catch (SecurityException e) { |
| Log.e(TAG, "File deletion not allowed", e); |
| return OsConstants.EPERM; |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| |
| // These need to stay in sync with MediaProviderWrapper.cpp's DirectoryAccessRequestType enum |
| @IntDef(flag = true, prefix = { "DIRECTORY_ACCESS_FOR_" }, value = { |
| DIRECTORY_ACCESS_FOR_READ, |
| DIRECTORY_ACCESS_FOR_WRITE, |
| DIRECTORY_ACCESS_FOR_CREATE, |
| DIRECTORY_ACCESS_FOR_DELETE, |
| }) |
| @Retention(RetentionPolicy.SOURCE) |
| @VisibleForTesting |
| @interface DirectoryAccessType {} |
| |
| @VisibleForTesting |
| static final int DIRECTORY_ACCESS_FOR_READ = 1; |
| |
| @VisibleForTesting |
| static final int DIRECTORY_ACCESS_FOR_WRITE = 2; |
| |
| @VisibleForTesting |
| static final int DIRECTORY_ACCESS_FOR_CREATE = 3; |
| |
| @VisibleForTesting |
| static final int DIRECTORY_ACCESS_FOR_DELETE = 4; |
| |
| /** |
| * Checks whether the app with the given UID is allowed to access the directory denoted by the |
| * given path. |
| * |
| * @param path directory's path |
| * @param uid UID of the requesting app |
| * @param accessType type of access being requested - eg {@link |
| * MediaProvider#DIRECTORY_ACCESS_FOR_READ} |
| * @return 0 if it's allowed to access the directory, {@link OsConstants#ENOENT} for attempts |
| * to access a private package path in Android/data or Android/obb the caller doesn't have |
| * access to, and otherwise {@link OsConstants#EACCES} if the calling package is a legacy app |
| * that doesn't have READ_EXTERNAL_STORAGE permission or for other invalid attempts to access |
| * Android/data or Android/obb dirs. |
| * |
| * Called from JNI in jni/MediaProviderWrapper.cpp |
| */ |
| @Keep |
| public int isDirAccessAllowedForFuse(@NonNull String path, int uid, |
| @DirectoryAccessType int accessType) { |
| Preconditions.checkArgumentInRange(accessType, 1, DIRECTORY_ACCESS_FOR_DELETE, |
| "accessType"); |
| |
| final boolean forRead = accessType == DIRECTORY_ACCESS_FOR_READ; |
| final LocalCallingIdentity token = |
| clearLocalCallingIdentity(getCachedCallingIdentityForFuse(uid)); |
| PulledMetrics.logFileAccessViaFuse(getCallingUidOrSelf(), path); |
| try { |
| if ("/storage/emulated".equals(path)) { |
| return OsConstants.EPERM; |
| } |
| if (isPrivatePackagePathNotAccessibleByCaller(path)) { |
| Log.e(TAG, "Can't access another app's external directory!"); |
| return OsConstants.ENOENT; |
| } |
| |
| if (shouldBypassFuseRestrictions(/* forWrite= */ !forRead, path)) { |
| return 0; |
| } |
| |
| // Do not allow apps that reach this point to access Android/data or Android/obb dirs. |
| // Creation should be via getContext().getExternalFilesDir() etc methods. |
| // Reads and writes on primary volumes should be via mount views of lowerfs for apps |
| // that get special access to these directories. |
| // Reads and writes on secondary volumes would be provided via an early return from |
| // shouldBypassFuseRestrictions above (again just for apps with special access). |
| if (isDataOrObbPath(path)) { |
| return OsConstants.EACCES; |
| } |
| |
| // Legacy apps that made is this far don't have the right storage permission and hence |
| // are not allowed to access anything other than their external app directory |
| if (isCallingPackageRequestingLegacy()) { |
| return OsConstants.EACCES; |
| } |
| // This is a non-legacy app. Rest of the directories are generally writable |
| // except for non-default top-level directories. |
| if (!forRead) { |
| final String[] relativePath = sanitizePath(extractRelativePath(path)); |
| if (relativePath.length == 0) { |
| Log.e(TAG, |
| "Directory update not allowed on invalid relative path for " + path); |
| return OsConstants.EPERM; |
| } |
| final boolean isTopLevelDir = |
| relativePath.length == 1 && TextUtils.isEmpty(relativePath[0]); |
| if (isTopLevelDir) { |
| // We don't allow deletion of any top-level folders |
| if (accessType == DIRECTORY_ACCESS_FOR_DELETE) { |
| Log.e(TAG, "Deleting top level directories are not allowed!"); |
| return OsConstants.EACCES; |
| } |
| |
| // We allow creating or writing to default top-level folders, but we don't |
| // allow creation or writing to non-default top-level folders. |
| if ((accessType == DIRECTORY_ACCESS_FOR_CREATE |
| || accessType == DIRECTORY_ACCESS_FOR_WRITE) |
| && FileUtils.isDefaultDirectoryName(extractDisplayName(path))) { |
| return 0; |
| } |
| |
| Log.e(TAG, |
| "Creating or writing to a non-default top level directory is not " |
| + "allowed!"); |
| return OsConstants.EACCES; |
| } |
| } |
| |
| return 0; |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| |
| @Keep |
| public boolean isUidAllowedAccessToDataOrObbPathForFuse(int uid, String path) { |
| final LocalCallingIdentity token = |
| clearLocalCallingIdentity(getCachedCallingIdentityForFuse(uid)); |
| try { |
| return isCallingIdentityAllowedAccessToDataOrObbPath( |
| extractRelativePathWithDisplayName(path)); |
| } finally { |
| restoreLocalCallingIdentity(token); |
| } |
| } |
| |
| private boolean isCallingIdentityAllowedAccessToDataOrObbPath(String relativePath) { |
| // Files under the apps own private directory |
| final String appSpecificDir = extractOwnerPackageNameFromRelativePath(relativePath); |
| |
| if (appSpecificDir != null && isCallingIdentitySharedPackageName(appSpecificDir)) { |
| return true; |
| } |
| // This is a private-package relativePath; return true if accessible by the caller |
| return isCallingIdentityAllowedSpecialPrivatePathAccess(relativePath); |
| } |
| |
| /** |
| * @return true iff the caller has installer privileges which gives write access to obb dirs. |
| */ |
| private boolean isCallingIdentityAllowedInstallerAccess() { |
| final boolean hasWrite = mCallingIdentity.get(). |
| hasPermission(PERMISSION_WRITE_EXTERNAL_STORAGE); |
| |
| if (!hasWrite) { |
| return false; |
| } |
| |
| // We're only willing to give out installer access if they also hold |
| // runtime permission; this is a firm CDD requirement |
| final boolean hasInstall = mCallingIdentity.get(). |
| hasPermission(PERMISSION_INSTALL_PACKAGES); |
| |
| if (hasInstall) { |
| return true; |
| } |
| // OPSTR_REQUEST_INSTALL_PACKAGES is granted/denied per package but vold can't |
| // update mountpoints of a specific package. So, check the appop for all packages |
| // sharing the uid and allow same level of storage access for all packages even if |
| // one of the packages has the appop granted. |
| // To maintain consistency of access in primary volume and secondary volumes use the same |
| // logic as we do for Zygote.MOUNT_EXTERNAL_INSTALLER view. |
| return mCallingIdentity.get().hasPermission(APPOP_REQUEST_INSTALL_PACKAGES_FOR_SHARED_UID); |
| } |
| |
| private String getExternalStorageProviderAuthority() { |
| if (SdkLevel.isAtLeastS()) { |
| return getExternalStorageProviderAuthorityFromDocumentsContract(); |
| } |
| return MediaStore.EXTERNAL_STORAGE_PROVIDER_AUTHORITY; |
| } |
| |
| @RequiresApi(Build.VERSION_CODES.S) |
| private String getExternalStorageProviderAuthorityFromDocumentsContract() { |
| return DocumentsContract.EXTERNAL_STORAGE_PROVIDER_AUTHORITY; |
| } |
| |
| private String getDownloadsProviderAuthority() { |
| if (SdkLevel.isAtLeastS()) { |
| return getDownloadsProviderAuthorityFromDocumentsContract(); |
| } |
| return DOWNLOADS_PROVIDER_AUTHORITY; |
| } |
| |
| @RequiresApi(Build.VERSION_CODES.S) |
| private String getDownloadsProviderAuthorityFromDocumentsContract() { |
| return DocumentsContract.EXTERNAL_STORAGE_PROVIDER_AUTHORITY; |
| } |
| |
| private boolean isCallingIdentityDownloadProvider() { |
| return getCallingUidOrSelf() == mDownloadsAuthorityAppId; |
| } |
| |
| private boolean isCallingIdentityExternalStorageProvider() { |
| return getCallingUidOrSelf() == mExternalStorageAuthorityAppId; |
| } |
| |
| private boolean isCallingIdentityMtp() { |
| return mCallingIdentity.get().hasPermission(PERMISSION_ACCESS_MTP); |
| } |
| |
| /** |
| * The following apps have access to all private-app directories on secondary volumes: |
| * * ExternalStorageProvider |
| * * DownloadProvider |
| * * Signature apps with ACCESS_MTP permission granted |
| * (Note: For Android R we also allow privileged apps with ACCESS_MTP to access all |
| * private-app directories, this additional access is removed for Android S+). |
| * |
| * Installer apps can only access private-app directories on Android/obb. |
| * |
| * @param relativePath the relative path of the file to access |
| */ |
| private boolean isCallingIdentityAllowedSpecialPrivatePathAccess(String relativePath) { |
| if (SdkLevel.isAtLeastS()) { |
| return isMountModeAllowedPrivatePathAccess(getCallingUidOrSelf(), getCallingPackage(), |
| relativePath); |
| } else { |
| if (isCallingIdentityDownloadProvider() || |
| isCallingIdentityExternalStorageProvider() || isCallingIdentityMtp()) { |
| return true; |
| } |
| return (isObbOrChildRelativePath(relativePath) && |
| isCallingIdentityAllowedInstallerAccess()); |
| } |
| } |
| |
| @RequiresApi(Build.VERSION_CODES.S) |
| private boolean isMountModeAllowedPrivatePathAccess(int uid, String packageName, |
| String relativePath) { |
| // This is required as only MediaProvider (package with WRITE_MEDIA_STORAGE) can access |
| // mount modes. |
| final CallingIdentity token = clearCallingIdentity(); |
| try { |
| final int mountMode = mStorageManager.getExternalStorageMountMode(uid, packageName); |
| switch (mountMode) { |
| case StorageManager.MOUNT_MODE_EXTERNAL_ANDROID_WRITABLE: |
| case StorageManager.MOUNT_MODE_EXTERNAL_PASS_THROUGH: |
| return true; |
| case StorageManager.MOUNT_MODE_EXTERNAL_INSTALLER: |
| return isObbOrChildRelativePath(relativePath); |
| } |
| } catch (Exception e) { |
| Log.w(TAG, "Caller does not have the permissions to access mount modes: ", e); |
| } finally { |
| restoreCallingIdentity(token); |
| } |
| return false; |
| } |
| |
| private boolean checkCallingPermissionGlobal(Uri uri, boolean forWrite) { |
| // System internals can work with all media |
| if (isCallingPackageSelf() || isCallingPackageShell()) { |
| return true; |
| } |
| |
| // Apps that have permission to manage external storage can work with all files |
| if (isCallingPackageManager()) { |
| return true; |
| } |
| |
| // Check if caller is known to be owner of this item, to speed up |
| // performance of our permission checks |
| final int table = matchUri(uri, true); |
| switch (table) { |
| case AUDIO_MEDIA_ID: |
| case VIDEO_MEDIA_ID: |
| case IMAGES_MEDIA_ID: |
| case FILES_ID: |
| case DOWNLOADS_ID: |
| final long id = ContentUris.parseId(uri); |
| if (mCallingIdentity.get().isOwned(id)) { |
| return true; |
| } |
| break; |
| default: |
| // continue below |
| } |
| |
| // Check whether the uri is a specific table or not. Don't allow the global access to these |
| // table uris |
| switch (table) { |
| case AUDIO_MEDIA: |
| case IMAGES_MEDIA: |
| case VIDEO_MEDIA: |
| case DOWNLOADS: |
| case FILES: |
| case AUDIO_ALBUMS: |
| case AUDIO_ARTISTS: |
| case AUDIO_GENRES: |
| case AUDIO_PLAYLISTS: |
| return false; |
| default: |
| // continue below |
| } |
| |
| // Outstanding grant means they get access |
| return isUriPermissionGranted(uri, forWrite); |
| } |
| |
| /** |
| * Returns any uri that is granted from the set of Uris passed. |
| */ |
| private @Nullable Uri getPermissionGrantedUri(@NonNull List<Uri> uris, boolean forWrite) { |
| for (Uri uri : uris) { |
| if (isUriPermissionGranted(uri, forWrite)) { |
| return uri; |
| } |
| } |
| return null; |
| } |
| |
| private boolean isUriPermissionGranted(Uri uri, boolean forWrite) { |
| final int modeFlags = forWrite |
| ? Intent.FLAG_GRANT_WRITE_URI_PERMISSION |
| : Intent.FLAG_GRANT_READ_URI_PERMISSION; |
| int uriPermission = getContext().checkUriPermission(uri, mCallingIdentity.get().pid, |
| mCallingIdentity.get().uid, modeFlags); |
| return uriPermission == PERMISSION_GRANTED; |
| } |
| |
| @VisibleForTesting |
| public boolean isFuseThread() { |
| return FuseDaemon.native_is_fuse_thread(); |
| } |
| |
| @VisibleForTesting |
| public boolean getBooleanDeviceConfig(String key, boolean defaultValue) { |
| if (!canReadDeviceConfig(key, defaultValue)) { |
| return defaultValue; |
| } |
| |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| return DeviceConfig.getBoolean(DeviceConfig.NAMESPACE_STORAGE_NATIVE_BOOT, key, |
| defaultValue); |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| } |
| |
| @VisibleForTesting |
| public int getIntDeviceConfig(String key, int defaultValue) { |
| if (!canReadDeviceConfig(key, defaultValue)) { |
| return defaultValue; |
| } |
| |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| return DeviceConfig.getInt(DeviceConfig.NAMESPACE_STORAGE_NATIVE_BOOT, key, |
| defaultValue); |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| } |
| |
| @VisibleForTesting |
| public int getIntDeviceConfig(String namespace, String key, int defaultValue) { |
| if (!canReadDeviceConfig(key, defaultValue)) { |
| return defaultValue; |
| } |
| |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| return DeviceConfig.getInt(namespace, key, defaultValue); |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| } |
| |
| @VisibleForTesting |
| public String getStringDeviceConfig(String key, String defaultValue) { |
| if (!canReadDeviceConfig(key, defaultValue)) { |
| return defaultValue; |
| } |
| |
| final long token = Binder.clearCallingIdentity(); |
| try { |
| return DeviceConfig.getString(DeviceConfig.NAMESPACE_STORAGE_NATIVE_BOOT, key, |
| defaultValue); |
| } finally { |
| Binder.restoreCallingIdentity(token); |
| } |
| } |
| |
| private static <T> boolean canReadDeviceConfig(String key, T defaultValue) { |
| if (SdkLevel.isAtLeastS()) { |
| return true; |
| } |
| |
| Log.w(TAG, "Cannot read device config before Android S. Returning defaultValue: " |
| + defaultValue + " for key: " + key); |
| return false; |
| } |
| |
| @VisibleForTesting |
| public void addOnPropertiesChangedListener(OnPropertiesChangedListener listener) { |
| if (!SdkLevel.isAtLeastS()) { |
| Log.w(TAG, "Cannot add device config changed listener before Android S"); |
| return; |
| } |
| |
| DeviceConfig.addOnPropertiesChangedListener(DeviceConfig.NAMESPACE_STORAGE_NATIVE_BOOT, |
| BackgroundThread.getExecutor(), listener); |
| } |
| |
| @Deprecated |
| private boolean checkCallingPermissionAudio(boolean forWrite, String callingPackage) { |
| if (forWrite) { |
| return mCallingIdentity.get().hasPermission(PERMISSION_WRITE_AUDIO); |
| } else { |
| // write permission should be enough for reading as well |
| return mCallingIdentity.get().hasPermission(PERMISSION_READ_AUDIO) |
| || mCallingIdentity.get().hasPermission(PERMISSION_WRITE_AUDIO); |
| } |
| } |
| |
| @Deprecated |
| private boolean checkCallingPermissionVideo(boolean forWrite, String callingPackage) { |
| if (forWrite) { |
| return mCallingIdentity.get().hasPermission(PERMISSION_WRITE_VIDEO); |
| } else { |
| // write permission should be enough for reading as well |
| return mCallingIdentity.get().hasPermission(PERMISSION_READ_VIDEO) |
| || mCallingIdentity.get().hasPermission(PERMISSION_WRITE_VIDEO); |
| } |
| } |
| |
| @Deprecated |
| private boolean checkCallingPermissionImages(boolean forWrite, String callingPackage) { |
| if (forWrite) { |
| return mCallingIdentity.get().hasPermission(PERMISSION_WRITE_IMAGES); |
| } else { |
| // write permission should be enough for reading as well |
| return mCallingIdentity.get().hasPermission(PERMISSION_READ_IMAGES) |
| || mCallingIdentity.get().hasPermission(PERMISSION_WRITE_IMAGES); |
| } |
| } |
| |
| /** |
| * Enforce that caller has access to the given {@link Uri}. |
| * |
| * @throws SecurityException if access isn't allowed. |
| */ |
| private void enforceCallingPermission(@NonNull Uri uri, @NonNull Bundle extras, |
| boolean forWrite) { |
| Trace.beginSection("enforceCallingPermission"); |
| try { |
| enforceCallingPermissionInternal(uri, extras, forWrite); |
| } finally { |
| Trace.endSection(); |
| } |
| } |
| |
| private void enforceCallingPermission(@NonNull Collection<Uri> uris, boolean forWrite) { |
| for (Uri uri : uris) { |
| enforceCallingPermission(uri, Bundle.EMPTY, forWrite); |
| } |
| } |
| |
| private void enforceCallingPermissionInternal(@NonNull Uri uri, @NonNull Bundle extras, |
| boolean forWrite) { |
| Objects.requireNonNull(uri); |
| Objects.requireNonNull(extras); |
| |
| // Try a simple global check first before falling back to performing a |
| // simple query to probe for access. |
| if (checkCallingPermissionGlobal(uri, forWrite)) { |
| // Access allowed, yay! |
| return; |
| } |
| |
| // For redacted URI proceed with its corresponding URI as query builder doesn't support |
| // redacted URIs for fetching a database row |
| // NOTE: The grants (if any) must have been on redacted URI hence global check requires |
| // redacted URI |
| Uri redactedUri = null; |
| if (isRedactedUri(uri)) { |
| redactedUri = uri; |
| uri = getUriForRedactedUri(uri); |
| } |
| |
| final DatabaseHelper helper; |
| try { |
| helper = getDatabaseForUri(uri); |
| } catch (VolumeNotFoundException e) { |
| throw e.rethrowAsIllegalArgumentException(); |
| } |
| |
| final boolean allowHidden = isCallingPackageAllowedHidden(); |
| final int table = matchUri(uri, allowHidden); |
| |
| final String selection = extras.getString(QUERY_ARG_SQL_SELECTION); |
| final String[] selectionArgs = extras.getStringArray(QUERY_ARG_SQL_SELECTION_ARGS); |
| |
| // First, check to see if caller has direct write access |
| if (forWrite) { |
| final SQLiteQueryBuilder qb = getQueryBuilder(TYPE_UPDATE, table, uri, extras, null); |
| qb.allowColumn(SQLiteQueryBuilder.ROWID_COLUMN); |
| try (Cursor c = qb.query(helper, new String[] { SQLiteQueryBuilder.ROWID_COLUMN }, |
| selection, selectionArgs, null, null, null, null, null)) { |
| if (c.moveToFirst()) { |
| // Direct write access granted, yay! |
| return; |
| } |
| } |
| } |
| |
| // We only allow the user to grant access to specific media items in |
| // strongly typed collections; never to broad collections |
| boolean allowUserGrant = false; |
| final int matchUri = matchUri(uri, true); |
| switch (matchUri) { |
| case IMAGES_MEDIA_ID: |
| case AUDIO_MEDIA_ID: |
| case VIDEO_MEDIA_ID: |
| allowUserGrant = true; |
| break; |
| } |
| |
| // Second, check to see if caller has direct read access |
| final SQLiteQueryBuilder qb = getQueryBuilder(TYPE_QUERY, table, uri, extras, null); |
| qb.allowColumn(SQLiteQueryBuilder.ROWID_COLUMN); |
| try (Cursor c = qb.query(helper, new String[] { SQLiteQueryBuilder.ROWID_COLUMN }, |
| selection, selectionArgs, null, null, null, null, null)) { |
| if (c.moveToFirst()) { |
| if (!forWrite) { |
| // Direct read access granted, yay! |
| return; |
| } else if (allowUserGrant) { |
| // Caller has read access, but they wanted to write, and |
| // they'll need to get the user to grant that access |
| final Context context = getContext(); |
| final Collection<Uri> uris = Arrays.asList(uri); |
| final PendingIntent intent = MediaStore |
| .createWriteRequest(ContentResolver.wrap(this), uris); |
| |
| final Icon icon = getCollectionIcon(uri); |
| final RemoteAction action = new RemoteAction(icon, |
| context.getText(R.string.permission_required_action), |
| context.getText(R.string.permission_required_action), |
| intent); |
| |
| throw new RecoverableSecurityException(new SecurityException( |
| getCallingPackageOrSelf() + " has no access to " + uri), |
| context.getText(R.string.permission_required), action); |
| } |
| } |
| } |
| |
| if (redactedUri != null) uri = redactedUri; |
| throw new SecurityException(getCallingPackageOrSelf() + " has no access to " + uri); |
| } |
| |
| private Icon getCollectionIcon(Uri uri) { |
| final PackageManager pm = getContext().getPackageManager(); |
| final String type = uri.getPathSegments().get(1); |
| final String groupName; |
| switch (type) { |
| default: groupName = android.Manifest.permission_group.STORAGE; break; |
| } |
| try { |
| final PermissionGroupInfo perm = pm.getPermissionGroupInfo(groupName, 0); |
| return Icon.createWithResource(perm.packageName, perm.icon); |
| } catch (NameNotFoundException e) { |
| throw new RuntimeException(e); |
| } |
| } |
| |
| private void checkAccess(@NonNull Uri uri, @NonNull Bundle extras, @NonNull File file, |
| boolean isWrite) throws FileNotFoundException { |
| // First, does caller have the needed row-level access? |
| enforceCallingPermission(uri, extras, isWrite); |
| |
| // Second, does the path look consistent? |
| if (!FileUtils.contains(Environment.getStorageDirectory(), file)) { |
| checkWorldReadAccess(file.getAbsolutePath()); |
| } |
| } |
| |
| /** |
| * Check whether the path is a world-readable file |
| */ |
| @VisibleForTesting |
| public static void checkWorldReadAccess(String path) throws FileNotFoundException { |
| // Path has already been canonicalized, and we relax the check to look |
| // at groups to support runtime storage permissions. |
| final int accessBits = path.startsWith("/storage/") ? OsConstants.S_IRGRP |
| : OsConstants.S_IROTH; |
| try { |
| StructStat stat = Os.stat(path); |
| if (OsConstants.S_ISREG(stat.st_mode) && |
| ((stat.st_mode & accessBits) == accessBits)) { |
| checkLeadingPathComponentsWorldExecutable(path); |
| return; |
| } |
| } catch (ErrnoException e) { |
| // couldn't stat the file, either it doesn't exist or isn't |
| // accessible to us |
| } |
| |
| throw new FileNotFoundException("Can't access " + path); |
| } |
| |
| private static void checkLeadingPathComponentsWorldExecutable(String filePath) |
| throws FileNotFoundException { |
| File parent = new File(filePath).getParentFile(); |
| |
| // Path has already been canonicalized, and we relax the check to look |
| // at groups to support runtime storage permissions. |
| final int accessBits = filePath.startsWith("/storage/") ? OsConstants.S_IXGRP |
| : OsConstants.S_IXOTH; |
| |
| while (parent != null) { |
| if (! parent.exists()) { |
| // parent dir doesn't exist, give up |
| throw new FileNotFoundException("access denied"); |
| } |
| try { |
| StructStat stat = Os.stat(parent.getPath()); |
| if ((stat.st_mode & accessBits) != accessBits) { |
| // the parent dir doesn't have the appropriate access |
| throw new FileNotFoundException("Can't access " + filePath); |
| } |
| } catch (ErrnoException e1) { |
| // couldn't stat() parent |
| throw new FileNotFoundException("Can't access " + filePath); |
| } |
| parent = parent.getParentFile(); |
| } |
| } |
| |
| @VisibleForTesting |
| static class FallbackException extends Exception { |
| private final int mThrowSdkVersion; |
| |
| public FallbackException(String message, int throwSdkVersion) { |
| super(message); |
| mThrowSdkVersion = throwSdkVersion; |
| } |
| |
| public FallbackException(String message, Throwable cause, int throwSdkVersion) { |
| super(message, cause); |
| mThrowSdkVersion = throwSdkVersion; |
| } |
| |
| @Override |
| public String getMessage() { |
| if (getCause() != null) { |
| return super.getMessage() + ": " + getCause().getMessage(); |
| } else { |
| return super.getMessage(); |
| } |
| } |
| |
| public IllegalArgumentException rethrowAsIllegalArgumentException() { |
| throw new IllegalArgumentException(getMessage()); |
| } |
| |
| public Cursor translateForQuery(int targetSdkVersion) { |
| if (targetSdkVersion >= mThrowSdkVersion) { |
| throw new IllegalArgumentException(getMessage()); |
| } else { |
| Log.w(TAG, getMessage()); |
| return null; |
| } |
| } |
| |
| public Uri translateForInsert(int targetSdkVersion) { |
| if (targetSdkVersion >= mThrowSdkVersion) { |
| throw new IllegalArgumentException(getMessage()); |
| } else { |
| Log.w(TAG, getMessage()); |
| return null; |
| } |
| } |
| |
| public int translateForBulkInsert(int targetSdkVersion) { |
| if (targetSdkVersion >= mThrowSdkVersion) { |
| throw new IllegalArgumentException(getMessage()); |
| } else { |
| Log.w(TAG, getMessage()); |
| return 0; |
| } |
| } |
| |
| public int translateForUpdateDelete(int targetSdkVersion) { |
| if (targetSdkVersion >= mThrowSdkVersion) { |
| throw new IllegalArgumentException(getMessage()); |
| } else { |
| Log.w(TAG, getMessage()); |
| return 0; |
| } |
| } |
| } |
| |
| @VisibleForTesting |
| static class VolumeNotFoundException extends FallbackException { |
| public VolumeNotFoundException(String volumeName) { |
| super("Volume " + volumeName + " not found", Build.VERSION_CODES.Q); |
| } |
| } |
| |
| @VisibleForTesting |
| static class VolumeArgumentException extends FallbackException { |
| public VolumeArgumentException(File actual, Collection<File> allowed) { |
| super("Requested path " + actual + " doesn't appear under " + allowed, |
| Build.VERSION_CODES.Q); |
| } |
| } |
| |
| public List<String> getSupportedTranscodingRelativePaths() { |
| return mTranscodeHelper.getSupportedRelativePaths(); |
| } |
| |
| public List<String> getSupportedUncachedRelativePaths() { |
| return StringUtils.verifySupportedUncachedRelativePaths( |
| StringUtils.getStringArrayConfig(getContext(), |
| R.array.config_supported_uncached_relative_paths)); |
| } |
| |
| /** |
| * Creating a new method for Transcoding to avoid any merge conflicts. |
| * TODO(b/170465810): Remove this when the code is refactored. |
| */ |
| @NonNull DatabaseHelper getDatabaseForUriForTranscoding(Uri uri) |
| throws VolumeNotFoundException { |
| return getDatabaseForUri(uri); |
| } |
| |
| private @NonNull DatabaseHelper getDatabaseForUri(Uri uri) throws VolumeNotFoundException { |
| final String volumeName = resolveVolumeName(uri); |
| synchronized (mAttachedVolumes) { |
| boolean volumeAttached = false; |
| UserHandle user = mCallingIdentity.get().getUser(); |
| for (MediaVolume vol : mAttachedVolumes) { |
| if (vol.getName().equals(volumeName) |
| && (vol.isVisibleToUser(user) || vol.isPublicVolume()) ) { |
| volumeAttached = true; |
| break; |
| } |
| } |
| if (!volumeAttached) { |
| // Dump some more debug info |
| Log.e(TAG, "Volume " + volumeName + " not found, calling identity: " |
| + user + ", attached volumes: " + mAttachedVolumes); |
| throw new VolumeNotFoundException(volumeName); |
| } |
| } |
| if (MediaStore.VOLUME_INTERNAL.equals(volumeName)) { |
| return mInternalDatabase; |
| } else { |
| return mExternalDatabase; |
| } |
| } |
| |
| static boolean isMediaDatabaseName(String name) { |
| if (INTERNAL_DATABASE_NAME.equals(name)) { |
| return true; |
| } |
| if (EXTERNAL_DATABASE_NAME.equals(name)) { |
| return true; |
| } |
| if (name.startsWith("external-") && name.endsWith(".db")) { |
| return true; |
| } |
| return false; |
| } |
| |
| private @NonNull Uri getBaseContentUri(@NonNull String volumeName) { |
| return MediaStore.AUTHORITY_URI.buildUpon().appendPath(volumeName).build(); |
| } |
| |
| public Uri attachVolume(MediaVolume volume, boolean validate) { |
| if (mCallingIdentity.get().pid != android.os.Process.myPid()) { |
| throw new SecurityException( |
| "Opening and closing databases not allowed."); |
| } |
| |
| final String volumeName = volume.getName(); |
| |
| // Quick check for shady volume names |
| MediaStore.checkArgumentVolumeName(volumeName); |
| |
| // Quick check that volume actually exists |
| if (!MediaStore.VOLUME_INTERNAL.equals(volumeName) && validate) { |
| try { |
| getVolumePath(volumeName); |
| } catch (IOException e) { |
| throw new IllegalArgumentException( |
| "Volume " + volume + " currently unavailable", e); |
| } |
| } |
| |
| synchronized (mAttachedVolumes) { |
| mAttachedVolumes.add(volume); |
| } |
| |
| final ContentResolver resolver = getContext().getContentResolver(); |
| final Uri uri = getBaseContentUri(volumeName); |
| // TODO(b/182396009) we probably also want to notify clone profile (and vice versa) |
| resolver.notifyChange(getBaseContentUri(volumeName), null); |
| |
| if (LOGV) Log.v(TAG, "Attached volume: " + volume); |
| if (!MediaStore.VOLUME_INTERNAL.equals(volumeName)) { |
| // Also notify on synthetic view of all devices |
| resolver.notifyChange(getBaseContentUri(MediaStore.VOLUME_EXTERNAL), null); |
| |
| ForegroundThread.getExecutor().execute(() -> { |
| mExternalDatabase.runWithTransaction((db) -> { |
| ensureDefaultFolders(volume, db); |
| ensureThumbnailsValid(volume, db); |
| return null; |
| }); |
| |
| // We just finished the database operation above, we know that |
| // it's ready to answer queries, so notify our DocumentProvider |
| // so it can answer queries without risking ANR |
| MediaDocumentsProvider.onMediaStoreReady(getContext()); |
| }); |
| } |
| return uri; |
| } |
| |
| private void detachVolume(Uri uri) { |
| final String volumeName = MediaStore.getVolumeName(uri); |
| try { |
| detachVolume(getVolume(volumeName)); |
| } catch (FileNotFoundException e) { |
| Log.e(TAG, "Couldn't find volume for URI " + uri, e) ; |
| } |
| } |
| |
| public boolean isVolumeAttached(MediaVolume volume) { |
| synchronized (mAttachedVolumes) { |
| return mAttachedVolumes.contains(volume); |
| } |
| } |
| |
| public void detachVolume(MediaVolume volume) { |
| if (mCallingIdentity.get().pid != android.os.Process.myPid()) { |
| throw new SecurityException( |
| "Opening and closing databases not allowed."); |
| } |
| |
| final String volumeName = volume.getName(); |
| |
| // Quick check for shady volume names |
| MediaStore.checkArgumentVolumeName(volumeName); |
| |
| if (MediaStore.VOLUME_INTERNAL.equals(volumeName)) { |
| throw new UnsupportedOperationException( |
| "Deleting the internal volume is not allowed"); |
| } |
| |
| // Signal any scanning to shut down |
| mMediaScanner.onDetachVolume(volume); |
| |
| synchronized (mAttachedVolumes) { |
| mAttachedVolumes.remove(volume); |
| } |
| |
| final ContentResolver resolver = getContext().getContentResolver(); |
| final Uri uri = getBaseContentUri(volumeName); |
| resolver.notifyChange(getBaseContentUri(volumeName), null); |
| |
| if (!MediaStore.VOLUME_INTERNAL.equals(volumeName)) { |
| // Also notify on synthetic view of all devices |
| resolver.notifyChange(getBaseContentUri(MediaStore.VOLUME_EXTERNAL), null); |
| } |
| |
| if (LOGV) Log.v(TAG, "Detached volume: " + volumeName); |
| } |
| |
| @GuardedBy("mAttachedVolumes") |
| private final ArraySet<MediaVolume> mAttachedVolumes = new ArraySet<>(); |
| @GuardedBy("mCustomCollators") |
| private final ArraySet<String> mCustomCollators = new ArraySet<>(); |
| |
| private MediaScanner mMediaScanner; |
| |
| private DatabaseHelper mInternalDatabase; |
| private DatabaseHelper mExternalDatabase; |
| private PickerDbFacade mPickerDbFacade; |
| private ExternalDbFacade mExternalDbFacade; |
| private PickerDataLayer mPickerDataLayer; |
| private PickerSyncController mPickerSyncController; |
| private TranscodeHelper mTranscodeHelper; |
| |
| // name of the volume currently being scanned by the media scanner (or null) |
| private String mMediaScannerVolume; |
| |
| // current FAT volume ID |
| private int mVolumeId = -1; |
| |
| // WARNING: the values of IMAGES_MEDIA, AUDIO_MEDIA, and VIDEO_MEDIA and AUDIO_PLAYLISTS |
| // are stored in the "files" table, so do not renumber them unless you also add |
| // a corresponding database upgrade step for it. |
| static final int IMAGES_MEDIA = 1; |
| static final int IMAGES_MEDIA_ID = 2; |
| static final int IMAGES_MEDIA_ID_THUMBNAIL = 3; |
| static final int IMAGES_THUMBNAILS = 4; |
| static final int IMAGES_THUMBNAILS_ID = 5; |
| |
| static final int AUDIO_MEDIA = 100; |
| static final int AUDIO_MEDIA_ID = 101; |
| static final int AUDIO_MEDIA_ID_GENRES = 102; |
| static final int AUDIO_MEDIA_ID_GENRES_ID = 103; |
| static final int AUDIO_GENRES = 106; |
| static final int AUDIO_GENRES_ID = 107; |
| static final int AUDIO_GENRES_ID_MEMBERS = 108; |
| static final int AUDIO_GENRES_ALL_MEMBERS = 109; |
| static final int AUDIO_PLAYLISTS = 110; |
| static final int AUDIO_PLAYLISTS_ID = 111; |
| static final int AUDIO_PLAYLISTS_ID_MEMBERS = 112; |
| static final int AUDIO_PLAYLISTS_ID_MEMBERS_ID = 113; |
| static final int AUDIO_ARTISTS = 114; |
| static final int AUDIO_ARTISTS_ID = 115; |
| static final int AUDIO_ALBUMS = 116; |
| static final int AUDIO_ALBUMS_ID = 117; |
| static final int AUDIO_ARTISTS_ID_ALBUMS = 118; |
| static final int AUDIO_ALBUMART = 119; |
| static final int AUDIO_ALBUMART_ID = 120; |
| static final int AUDIO_ALBUMART_FILE_ID = 121; |
| |
| static final int VIDEO_MEDIA = 200; |
| static final int VIDEO_MEDIA_ID = 201; |
| static final int VIDEO_MEDIA_ID_THUMBNAIL = 202; |
| static final int VIDEO_THUMBNAILS = 203; |
| static final int VIDEO_THUMBNAILS_ID = 204; |
| |
| static final int VOLUMES = 300; |
| static final int VOLUMES_ID = 301; |
| |
| static final int MEDIA_SCANNER = 500; |
| |
| static final int FS_ID = 600; |
| static final int VERSION = 601; |
| |
| static final int FILES = 700; |
| static final int FILES_ID = 701; |
| |
| static final int DOWNLOADS = 800; |
| static final int DOWNLOADS_ID = 801; |
| |
| static final int PICKER = 900; |
| static final int PICKER_ID = 901; |
| static final int PICKER_INTERNAL_MEDIA = 902; |
| static final int PICKER_INTERNAL_ALBUMS = 903; |
| static final int PICKER_UNRELIABLE_VOLUME = 904; |
| |
| private static final HashSet<Integer> REDACTED_URI_SUPPORTED_TYPES = new HashSet<>( |
| Arrays.asList(AUDIO_MEDIA_ID, IMAGES_MEDIA_ID, VIDEO_MEDIA_ID, FILES_ID, DOWNLOADS_ID)); |
| |
| private LocalUriMatcher mUriMatcher; |
| |
| private static final String[] PATH_PROJECTION = new String[] { |
| MediaStore.MediaColumns._ID, |
| MediaStore.MediaColumns.DATA, |
| }; |
| |
| private int matchUri(Uri uri, boolean allowHidden) { |
| return mUriMatcher.matchUri(uri, allowHidden); |
| } |
| |
| static class LocalUriMatcher { |
| private final UriMatcher mPublic = new UriMatcher(UriMatcher.NO_MATCH); |
| private final UriMatcher mHidden = new UriMatcher(UriMatcher.NO_MATCH); |
| |
| public int matchUri(Uri uri, boolean allowHidden) { |
| final int publicMatch = mPublic.match(uri); |
| if (publicMatch != UriMatcher.NO_MATCH) { |
| return publicMatch; |
| } |
| |
| final int hiddenMatch = mHidden.match(uri); |
| if (hiddenMatch != UriMatcher.NO_MATCH) { |
| // Detect callers asking about hidden behavior by looking closer when |
| // the matchers diverge; we only care about apps that are explicitly |
| // targeting a specific public API level. |
| if (!allowHidden) { |
| throw new IllegalStateException("Unknown URL: " + uri + " is hidden API"); |
| } |
| return hiddenMatch; |
| } |
| |
| return UriMatcher.NO_MATCH; |
| } |
| |
| public LocalUriMatcher(String auth) { |
| // Warning: Do not move these exact string matches below "*/.." matches. |
| // If "*/.." match is added to mPublic children before "picker/#/#", then while matching |
| // "picker/0/10", UriMatcher matches "*" node with "picker" and tries to match "0/10" |
| // with children of "*". |
| // UriMatcher does not look for exact "picker" string match if it finds * node before |
| // it. It finds the first best child match and proceeds the match from there without |
| // looking at other siblings. |
| mPublic.addURI(auth, "picker", PICKER); |
| // TODO(b/195009139): Remove after switching picker URI to new format |
| // content://media/picker/<user-id>/<media-id> |
| mPublic.addURI(auth, "picker/#/#", PICKER_ID); |
| // content://media/picker/<user-id>/<authority>/media/<media-id> |
| mPublic.addURI(auth, "picker/#/*/media/*", PICKER_ID); |
| // content://media/picker/unreliable/<media_id> |
| mPublic.addURI(auth, "picker/unreliable/#", PICKER_UNRELIABLE_VOLUME); |
| mPublic.addURI(auth, "*/images/media", IMAGES_MEDIA); |
| mPublic.addURI(auth, "*/images/media/#", IMAGES_MEDIA_ID); |
| mPublic.addURI(auth, "*/images/media/#/thumbnail", IMAGES_MEDIA_ID_THUMBNAIL); |
| mPublic.addURI(auth, "*/images/thumbnails", IMAGES_THUMBNAILS); |
| mPublic.addURI(auth, "*/images/thumbnails/#", IMAGES_THUMBNAILS_ID); |
| |
| mPublic.addURI(auth, "*/audio/media", AUDIO_MEDIA); |
| mPublic.addURI(auth, "*/audio/media/#", AUDIO_MEDIA_ID); |
| mPublic.addURI(auth, "*/audio/media/#/genres", AUDIO_MEDIA_ID_GENRES); |
| mPublic.addURI(auth, "*/audio/media/#/genres/#", AUDIO_MEDIA_ID_GENRES_ID); |
| mPublic.addURI(auth, "*/audio/genres", AUDIO_GENRES); |
| mPublic.addURI(auth, "*/audio/genres/#", AUDIO_GENRES_ID); |
| mPublic.addURI(auth, "*/audio/genres/#/members", AUDIO_GENRES_ID_MEMBERS); |
| // TODO: not actually defined in API, but CTS tested |
| mPublic.addURI(auth, "*/audio/genres/all/members", AUDIO_GENRES_ALL_MEMBERS); |
| mPublic.addURI(auth, "*/audio/playlists", AUDIO_PLAYLISTS); |
| mPublic.addURI(auth, "*/audio/playlists/#", AUDIO_PLAYLISTS_ID); |
| mPublic.addURI(auth, "*/audio/playlists/#/members", AUDIO_PLAYLISTS_ID_MEMBERS); |
| mPublic.addURI(auth, "*/audio/playlists/#/members/#", AUDIO_PLAYLISTS_ID_MEMBERS_ID); |
| mPublic.addURI(auth, "*/audio/artists", AUDIO_ARTISTS); |
| mPublic.addURI(auth, "*/audio/artists/#", AUDIO_ARTISTS_ID); |
| mPublic.addURI(auth, "*/audio/artists/#/albums", AUDIO_ARTISTS_ID_ALBUMS); |
| mPublic.addURI(auth, "*/audio/albums", AUDIO_ALBUMS); |
| mPublic.addURI(auth, "*/audio/albums/#", AUDIO_ALBUMS_ID); |
| // TODO: not actually defined in API, but CTS tested |
| mPublic.addURI(auth, "*/audio/albumart", AUDIO_ALBUMART); |
| // TODO: not actually defined in API, but CTS tested |
| mPublic.addURI(auth, "*/audio/albumart/#", AUDIO_ALBUMART_ID); |
| // TODO: not actually defined in API, but CTS tested |
| mPublic.addURI(auth, "*/audio/media/#/albumart", AUDIO_ALBUMART_FILE_ID); |
| |
| mPublic.addURI(auth, "*/video/media", VIDEO_MEDIA); |
| mPublic.addURI(auth, "*/video/media/#", VIDEO_MEDIA_ID); |
| mPublic.addURI(auth, "*/video/media/#/thumbnail", VIDEO_MEDIA_ID_THUMBNAIL); |
| mPublic.addURI(auth, "*/video/thumbnails", VIDEO_THUMBNAILS); |
| mPublic.addURI(auth, "*/video/thumbnails/#", VIDEO_THUMBNAILS_ID); |
| |
| mPublic.addURI(auth, "*/media_scanner", MEDIA_SCANNER); |
| |
| // NOTE: technically hidden, since Uri is never exposed |
| mPublic.addURI(auth, "*/fs_id", FS_ID); |
| // NOTE: technically hidden, since Uri is never exposed |
| mPublic.addURI(auth, "*/version", VERSION); |
| |
| mHidden.addURI(auth, "picker_internal/media", PICKER_INTERNAL_MEDIA); |
| mHidden.addURI(auth, "picker_internal/albums", PICKER_INTERNAL_ALBUMS); |
| mHidden.addURI(auth, "*", VOLUMES_ID); |
| mHidden.addURI(auth, null, VOLUMES); |
| |
| mPublic.addURI(auth, "*/file", FILES); |
| mPublic.addURI(auth, "*/file/#", FILES_ID); |
| |
| mPublic.addURI(auth, "*/downloads", DOWNLOADS); |
| mPublic.addURI(auth, "*/downloads/#", DOWNLOADS_ID); |
| } |
| } |
| |
| /** |
| * Set of columns that can be safely mutated by external callers; all other |
| * columns are treated as read-only, since they reflect what the media |
| * scanner found on disk, and any mutations would be overwritten the next |
| * time the media was scanned. |
| */ |
| private static final ArraySet<String> sMutableColumns = new ArraySet<>(); |
| |
| static { |
| sMutableColumns.add(MediaStore.MediaColumns.DATA); |
| sMutableColumns.add(MediaStore.MediaColumns.RELATIVE_PATH); |
| sMutableColumns.add(MediaStore.MediaColumns.DISPLAY_NAME); |
| sMutableColumns.add(MediaStore.MediaColumns.IS_PENDING); |
| sMutableColumns.add(MediaStore.MediaColumns.IS_TRASHED); |
| sMutableColumns.add(MediaStore.MediaColumns.IS_FAVORITE); |
| sMutableColumns.add(MediaStore.MediaColumns.OWNER_PACKAGE_NAME); |
| |
| sMutableColumns.add(MediaStore.Audio.AudioColumns.BOOKMARK); |
| |
| sMutableColumns.add(MediaStore.Video.VideoColumns.TAGS); |
| sMutableColumns.add(MediaStore.Video.VideoColumns.CATEGORY); |
| sMutableColumns.add(MediaStore.Video.VideoColumns.BOOKMARK); |
| |
| sMutableColumns.add(MediaStore.Audio.Playlists.NAME); |
| sMutableColumns.add(MediaStore.Audio.Playlists.Members.AUDIO_ID); |
| sMutableColumns.add(MediaStore.Audio.Playlists.Members.PLAY_ORDER); |
| |
| sMutableColumns.add(MediaStore.DownloadColumns.DOWNLOAD_URI); |
| sMutableColumns.add(MediaStore.DownloadColumns.REFERER_URI); |
| |
| sMutableColumns.add(MediaStore.Files.FileColumns.MIME_TYPE); |
| sMutableColumns.add(MediaStore.Files.FileColumns.MEDIA_TYPE); |
| } |
| |
| /** |
| * Set of columns that affect placement of files on disk. |
| */ |
| private static final ArraySet<String> sPlacementColumns = new ArraySet<>(); |
| |
| static { |
| sPlacementColumns.add(MediaStore.MediaColumns.DATA); |
| sPlacementColumns.add(MediaStore.MediaColumns.RELATIVE_PATH); |
| sPlacementColumns.add(MediaStore.MediaColumns.DISPLAY_NAME); |
| sPlacementColumns.add(MediaStore.MediaColumns.MIME_TYPE); |
| sPlacementColumns.add(MediaStore.MediaColumns.IS_PENDING); |
| sPlacementColumns.add(MediaStore.MediaColumns.IS_TRASHED); |
| sPlacementColumns.add(MediaStore.MediaColumns.DATE_EXPIRES); |
| } |
| |
| /** |
| * List of abusive custom columns that we're willing to allow via |
| * {@link SQLiteQueryBuilder#setProjectionGreylist(List)}. |
| */ |
| static final ArrayList<Pattern> sGreylist = new ArrayList<>(); |
| |
| private static void addGreylistPattern(String pattern) { |
| sGreylist.add(Pattern.compile(" *" + pattern + " *")); |
| } |
| |
| static { |
| final String maybeAs = "( (as )?[_a-z0-9]+)?"; |
| addGreylistPattern("(?i)[_a-z0-9]+" + maybeAs); |
| addGreylistPattern("audio\\._id AS _id"); |
| addGreylistPattern("(?i)(min|max|sum|avg|total|count|cast)\\(([_a-z0-9]+" + maybeAs + "|\\*)\\)" + maybeAs); |
| addGreylistPattern("case when case when \\(date_added >= \\d+ and date_added < \\d+\\) then date_added \\* \\d+ when \\(date_added >= \\d+ and date_added < \\d+\\) then date_added when \\(date_added >= \\d+ and date_added < \\d+\\) then date_added / \\d+ else \\d+ end > case when \\(date_modified >= \\d+ and date_modified < \\d+\\) then date_modified \\* \\d+ when \\(date_modified >= \\d+ and date_modified < \\d+\\) then date_modified when \\(date_modified >= \\d+ and date_modified < \\d+\\) then date_modified / \\d+ else \\d+ end then case when \\(date_added >= \\d+ and date_added < \\d+\\) then date_added \\* \\d+ when \\(date_added >= \\d+ and date_added < \\d+\\) then date_added when \\(date_added >= \\d+ and date_added < \\d+\\) then date_added / \\d+ else \\d+ end else case when \\(date_modified >= \\d+ and date_modified < \\d+\\) then date_modified \\* \\d+ when \\(date_modified >= \\d+ and date_modified < \\d+\\) then date_modified when \\(date_modified >= \\d+ and date_modified < \\d+\\) then date_modified / \\d+ else \\d+ end end as corrected_added_modified"); |
| addGreylistPattern("MAX\\(case when \\(datetaken >= \\d+ and datetaken < \\d+\\) then datetaken \\* \\d+ when \\(datetaken >= \\d+ and datetaken < \\d+\\) then datetaken when \\(datetaken >= \\d+ and datetaken < \\d+\\) then datetaken / \\d+ else \\d+ end\\)"); |
| addGreylistPattern("MAX\\(case when \\(date_added >= \\d+ and date_added < \\d+\\) then date_added \\* \\d+ when \\(date_added >= \\d+ and date_added < \\d+\\) then date_added when \\(date_added >= \\d+ and date_added < \\d+\\) then date_added / \\d+ else \\d+ end\\)"); |
| addGreylistPattern("MAX\\(case when \\(date_modified >= \\d+ and date_modified < \\d+\\) then date_modified \\* \\d+ when \\(date_modified >= \\d+ and date_modified < \\d+\\) then date_modified when \\(date_modified >= \\d+ and date_modified < \\d+\\) then date_modified / \\d+ else \\d+ end\\)"); |
| addGreylistPattern("\"content://media/[a-z]+/audio/media\""); |
| addGreylistPattern("substr\\(_data, length\\(_data\\)-length\\(_display_name\\), 1\\) as filename_prevchar"); |
| addGreylistPattern("\\*" + maybeAs); |
| addGreylistPattern("case when \\(datetaken >= \\d+ and datetaken < \\d+\\) then datetaken \\* \\d+ when \\(datetaken >= \\d+ and datetaken < \\d+\\) then datetaken when \\(datetaken >= \\d+ and datetaken < \\d+\\) then datetaken / \\d+ else \\d+ end"); |
| } |
| |
| public ArrayMap<String, String> getProjectionMap(Class<?>... clazzes) { |
| return mExternalDatabase.getProjectionMap(clazzes); |
| } |
| |
| static <T> boolean containsAny(Set<T> a, Set<T> b) { |
| for (T i : b) { |
| if (a.contains(i)) { |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| @VisibleForTesting |
| static @Nullable Uri computeCommonPrefix(@NonNull List<Uri> uris) { |
| if (uris.isEmpty()) return null; |
| |
| final Uri base = uris.get(0); |
| final List<String> basePath = new ArrayList<>(base.getPathSegments()); |
| for (int i = 1; i < uris.size(); i++) { |
| final List<String> probePath = uris.get(i).getPathSegments(); |
| for (int j = 0; j < basePath.size() && j < probePath.size(); j++) { |
| if (!Objects.equals(basePath.get(j), probePath.get(j))) { |
| // Trim away all remaining common elements |
| while (basePath.size() > j) { |
| basePath.remove(j); |
| } |
| } |
| } |
| |
| final int probeSize = probePath.size(); |
| while (basePath.size() > probeSize) { |
| basePath.remove(probeSize); |
| } |
| } |
| |
| final Uri.Builder builder = base.buildUpon().path(null); |
| for (int i = 0; i < basePath.size(); i++) { |
| builder.appendPath(basePath.get(i)); |
| } |
| return builder.build(); |
| } |
| |
| public ExternalDbFacade getExternalDbFacade() { |
| return mExternalDbFacade; |
| } |
| |
| public PickerSyncController getPickerSyncController() { |
| return mPickerSyncController; |
| } |
| |
| private boolean isCallingPackageSystemGallery() { |
| return mCallingIdentity.get().hasPermission(PERMISSION_IS_SYSTEM_GALLERY); |
| } |
| |
| private int getCallingUidOrSelf() { |
| return mCallingIdentity.get().uid; |
| } |
| |
| @Deprecated |
| private String getCallingPackageOrSelf() { |
| return mCallingIdentity.get().getPackageName(); |
| } |
| |
| @Deprecated |
| @VisibleForTesting |
| public int getCallingPackageTargetSdkVersion() { |
| return mCallingIdentity.get().getTargetSdkVersion(); |
| } |
| |
| @Deprecated |
| private boolean isCallingPackageAllowedHidden() { |
| return isCallingPackageSelf(); |
| } |
| |
| @Deprecated |
| private boolean isCallingPackageSelf() { |
| return mCallingIdentity.get().hasPermission(PERMISSION_IS_SELF); |
| } |
| |
| @Deprecated |
| private boolean isCallingPackageShell() { |
| return mCallingIdentity.get().hasPermission(PERMISSION_IS_SHELL); |
| } |
| |
| @Deprecated |
| private boolean isCallingPackageManager() { |
| return mCallingIdentity.get().hasPermission(PERMISSION_IS_MANAGER); |
| } |
| |
| @Deprecated |
| private boolean isCallingPackageDelegator() { |
| return mCallingIdentity.get().hasPermission(PERMISSION_IS_DELEGATOR); |
| } |
| |
| @Deprecated |
| private boolean isCallingPackageLegacyRead() { |
| return mCallingIdentity.get().hasPermission(PERMISSION_IS_LEGACY_READ); |
| } |
| |
| @Deprecated |
| private boolean isCallingPackageLegacyWrite() { |
| return mCallingIdentity.get().hasPermission(PERMISSION_IS_LEGACY_WRITE); |
| } |
| |
| @Override |
| public void dump(FileDescriptor fd, PrintWriter writer, String[] args) { |
| writer.println("mThumbSize=" + mThumbSize); |
| synchronized (mAttachedVolumes) { |
| writer.println("mAttachedVolumes=" + mAttachedVolumes); |
| } |
| writer.println(); |
| |
| mVolumeCache.dump(writer); |
| writer.println(); |
| |
| mUserCache.dump(writer); |
| writer.println(); |
| |
| mTranscodeHelper.dump(writer); |
| writer.println(); |
| |
| Logging.dumpPersistent(writer); |
| } |
| } |