Merge "Fixing Storage Volume(s) Retrieval."

commit: c84d661e07b48ad70297d03e74b9657793472484 [log] [tgz]
author: Himanshu Gupta <himanshuz@google.com> Mon Oct 24 12:40:10 2022 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Mon Oct 24 12:40:10 2022 +0000
tree: 02220f5f4102cbbc09e9bd857a449a8d8d06bae1
parent: 26a27835cdc0a4cc207c47aee3e9cc1bba01b9db [diff]
parent: 65a5b2db39c4f5a32657130d8e95ca1c141734a1 [diff]
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index 0cf7915..1150b83 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java

@@ -3584,6 +3584,13 @@
         final boolean includeSharedProfile =
                 (flags & StorageManager.FLAG_INCLUDE_SHARED_PROFILE) != 0;
 
+        // When the caller is the app actually hosting external storage, we
+        // should never attempt to augment the actual storage volume state,
+        // otherwise we risk confusing it with race conditions as users go
+        // through various unlocked states
+        final boolean callerIsMediaStore = UserHandle.isSameApp(callingUid,
+                mMediaStoreAuthorityAppId);
+
         // Only Apps with MANAGE_EXTERNAL_STORAGE should call the API with includeSharedProfile
         if (includeSharedProfile) {
             try {
@@ -3596,8 +3603,13 @@
                 // Checking first entry in packagesFromUid is enough as using "sharedUserId"
                 // mechanism is rare and discouraged. Also, Apps that share same UID share the same
                 // permissions.
-                if (!mStorageManagerInternal.hasExternalStorageAccess(callingUid,
-                        packagesFromUid[0])) {
+                // Allowing Media Provider is an exception, Media Provider process should be allowed
+                // to query users across profiles, even without MANAGE_EXTERNAL_STORAGE access.
+                // Note that ordinarily Media provider process has the above permission, but if they
+                // are revoked, Storage Volume(s) should still be returned.
+                if (!callerIsMediaStore
+                        && !mStorageManagerInternal.hasExternalStorageAccess(callingUid,
+                                packagesFromUid[0])) {
                     throw new SecurityException("Only File Manager Apps permitted");
                 }
             } catch (RemoteException re) {
@@ -3610,13 +3622,6 @@
         // point
         final boolean systemUserUnlocked = isSystemUnlocked(UserHandle.USER_SYSTEM);
 
-        // When the caller is the app actually hosting external storage, we
-        // should never attempt to augment the actual storage volume state,
-        // otherwise we risk confusing it with race conditions as users go
-        // through various unlocked states
-        final boolean callerIsMediaStore = UserHandle.isSameApp(callingUid,
-                mMediaStoreAuthorityAppId);
-
         final boolean userIsDemo;
         final boolean userKeyUnlocked;
         final boolean storagePermission;
commit	c84d661e07b48ad70297d03e74b9657793472484	[log] [tgz]
author	Himanshu Gupta <himanshuz@google.com>	Mon Oct 24 12:40:10 2022 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Mon Oct 24 12:40:10 2022 +0000
tree	02220f5f4102cbbc09e9bd857a449a8d8d06bae1
parent	26a27835cdc0a4cc207c47aee3e9cc1bba01b9db [diff]
parent	65a5b2db39c4f5a32657130d8e95ca1c141734a1 [diff]