Check READ_EXTERNAL enforcement outside of lock.

jsharkey · jsharkey · commit c50f31d213d6 · 2012-09-22T17:14:02.000-07:00
Since SettingsProvider can call back into PMS, query the default
enforcement state before acquiring mPackages lock.

Bug: 7182437
Change-Id: Ie218aedfc7a943e5b221814af3e0356c7199b0e4
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
@@ -1715,6 +1715,7 @@ public int getPackageUid(String packageName, int userId) {
     }
 
     public int[] getPackageGids(String packageName) {
+        final boolean enforcedDefault = isPermissionEnforcedDefault(READ_EXTERNAL_STORAGE);
         // reader
         synchronized (mPackages) {
             PackageParser.Package p = mPackages.get(packageName);
@@ -1726,7 +1727,7 @@ public int[] getPackageGids(String packageName) {
                 int[] gids = suid != null ? suid.gids : ps.gids;
 
                 // include GIDs for any unenforced permissions
-                if (!isPermissionEnforcedLocked(READ_EXTERNAL_STORAGE)) {
+                if (!isPermissionEnforcedLocked(READ_EXTERNAL_STORAGE, enforcedDefault)) {
                     final BasePermission basePerm = mSettings.mPermissions.get(
                             READ_EXTERNAL_STORAGE);
                     gids = appendInts(gids, basePerm.gids);
@@ -2054,6 +2055,7 @@ private void checkValidCaller(int uid, int userId) {
     }
 
     public int checkPermission(String permName, String pkgName) {
+        final boolean enforcedDefault = isPermissionEnforcedDefault(permName);
         synchronized (mPackages) {
             PackageParser.Package p = mPackages.get(pkgName);
             if (p != null && p.mExtras != null) {
@@ -2066,14 +2068,15 @@ public int checkPermission(String permName, String pkgName) {
                     return PackageManager.PERMISSION_GRANTED;
                 }
             }
-            if (!isPermissionEnforcedLocked(permName)) {
+            if (!isPermissionEnforcedLocked(permName, enforcedDefault)) {
                 return PackageManager.PERMISSION_GRANTED;
             }
         }
         return PackageManager.PERMISSION_DENIED;
     }
 
     public int checkUidPermission(String permName, int uid) {
+        final boolean enforcedDefault = isPermissionEnforcedDefault(permName);
         synchronized (mPackages) {
             Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid));
             if (obj != null) {
@@ -2087,7 +2090,7 @@ public int checkUidPermission(String permName, int uid) {
                     return PackageManager.PERMISSION_GRANTED;
                 }
             }
-            if (!isPermissionEnforcedLocked(permName)) {
+            if (!isPermissionEnforcedLocked(permName, enforcedDefault)) {
                 return PackageManager.PERMISSION_GRANTED;
             }
         }
@@ -10124,19 +10127,36 @@ public void setPermissionEnforced(String permission, boolean enforced) {
 
     @Override
     public boolean isPermissionEnforced(String permission) {
+        final boolean enforcedDefault = isPermissionEnforcedDefault(permission);
         synchronized (mPackages) {
-            return isPermissionEnforcedLocked(permission);
+            return isPermissionEnforcedLocked(permission, enforcedDefault);
         }
     }
 
-    private boolean isPermissionEnforcedLocked(String permission) {
+    /**
+     * Check if given permission should be enforced by default. Should always be
+     * called outside of {@link #mPackages} lock.
+     */
+    private boolean isPermissionEnforcedDefault(String permission) {
+        if (READ_EXTERNAL_STORAGE.equals(permission)) {
+            return Secure.getInt(mContext.getContentResolver(),
+                    Secure.READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT, 0) != 0;
+        } else {
+            return true;
+        }
+    }
+
+    /**
+     * Check if user has requested that given permission be enforced, using
+     * given default if undefined.
+     */
+    private boolean isPermissionEnforcedLocked(String permission, boolean enforcedDefault) {
         if (READ_EXTERNAL_STORAGE.equals(permission)) {
             if (mSettings.mReadExternalStorageEnforced != null) {
                 return mSettings.mReadExternalStorageEnforced;
             } else {
-                // if user hasn't defined, fall back to secure default
-                return Secure.getInt(mContext.getContentResolver(),
-                        Secure.READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT, 0) != 0;
+                // User hasn't defined; fall back to secure default
+                return enforcedDefault;
             }
         } else {
             return true;
