commit 02735bc9b7686e56957cdec9c10660c4a6dd1090
author San Mehat <san@google.com> Tue Jan 26 15:18:08 2010 -0800
committer San Mehat <san@google.com> Wed Jan 27 06:14:28 2010 -0800
tree 748812633f2058e2b0c624f3d25b9110d668edf6
parent 4539f38aec841cac74b170293d6d921acda96430

MountService: Introduce new @hide permissions to protect secure containers.

Signed-off-by: San Mehat <san@google.com>

core/res/AndroidManifest.xml

diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index d81476a..ac6467d 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -700,6 +700,46 @@
         android:label="@string/permlab_mount_format_filesystems"
         android:description="@string/permdesc_mount_format_filesystems" />
 
+    <!-- Allows access to ASEC non-destructive API calls
+         @hide  -->
+    <permission android:name="android.permission.ASEC_ACCESS"
+        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
+        android:protectionLevel="dangerous"
+        android:label="@string/permlab_asec_access"
+        android:description="@string/permdesc_asec_access" />
+
+    <!-- Allows creation of ASEC volumes
+         @hide  -->
+    <permission android:name="android.permission.ASEC_CREATE"
+        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
+        android:protectionLevel="dangerous"
+        android:label="@string/permlab_asec_create"
+        android:description="@string/permdesc_asec_create" />
+
+    <!-- Allows destruction of ASEC volumes
+         @hide  -->
+    <permission android:name="android.permission.ASEC_DESTROY"
+        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
+        android:protectionLevel="dangerous"
+        android:label="@string/permlab_asec_destroy"
+        android:description="@string/permdesc_asec_destroy" />
+
+    <!-- Allows mount / unmount of ASEC volumes
+         @hide  -->
+    <permission android:name="android.permission.ASEC_MOUNT_UNMOUNT"
+        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
+        android:protectionLevel="dangerous"
+        android:label="@string/permlab_asec_mount_unmount"
+        android:description="@string/permdesc_asec_mount_unmount" />
+
+    <!-- Allows rename of ASEC volumes
+         @hide  -->
+    <permission android:name="android.permission.ASEC_RENAME"
+        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
+        android:protectionLevel="dangerous"
+        android:label="@string/permlab_asec_rename"
+        android:description="@string/permdesc_asec_rename" />
+
     <!-- Allows applications to disable the keyguard -->
     <permission android:name="android.permission.DISABLE_KEYGUARD"
         android:permissionGroup="android.permission-group.SYSTEM_TOOLS"

core/res/res/values/strings.xml

diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 0ef07ff..8c46f58 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -877,6 +877,31 @@
     <string name="permdesc_mount_format_filesystems">Allows the application to format removable storage.</string>
 
     <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permlab_asec_access">get information on secure storage</string>
+    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permdesc_asec_access">Allows the application to get information on secure storage.</string>
+
+    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permlab_asec_create">create secure storage</string>
+    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permdesc_asec_create">Allows the application to create secure storage.</string>
+
+    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permlab_asec_destroy">destroy secure storage</string>
+    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permdesc_asec_destroy">Allows the application to destroy secure storage.</string>
+
+    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permlab_asec_mount_unmount">mount / unmount secure storage</string>
+    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permdesc_asec_mount_unmount">Allows the application to mount / unmount secure storage.</string>
+
+    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permlab_asec_rename">rename secure storage</string>
+    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+    <string name="permdesc_asec_rename">Allows the application to rename secure storage.</string>
+
+    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
     <string name="permlab_vibrate">control vibrator</string>
     <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
     <string name="permdesc_vibrate">Allows the application to control

services/java/com/android/server/MountService.java

diff --git a/services/java/com/android/server/MountService.java b/services/java/com/android/server/MountService.java
index efc7839..0b7cfae 100644
--- a/services/java/com/android/server/MountService.java
+++ b/services/java/com/android/server/MountService.java
@@ -1058,11 +1058,21 @@
     }
 
     public String[] getSecureContainerList() throws IllegalStateException {
+        if (mContext.checkCallingOrSelfPermission(
+                android.Manifest.permission.ASEC_ACCESS)
+                != PackageManager.PERMISSION_GRANTED) {
+            throw new SecurityException("Requires ASEC_ACCESS permission");
+        }
         return mConnector.doListCommand("list_asec", VoldResponseCode.AsecListResult);
     }
 
     public String createSecureContainer(String id, int sizeMb, String fstype,
                                     String key, int ownerUid) throws IllegalStateException {
+        if (mContext.checkCallingOrSelfPermission(
+                android.Manifest.permission.ASEC_CREATE)
+                != PackageManager.PERMISSION_GRANTED) {
+            throw new SecurityException("Requires ASEC_CREATE permission");
+        }
         String cmd = String.format("create_asec %s %d %s %s %d",
                                    id, sizeMb, fstype, key, ownerUid);
         mConnector.doCommand(cmd);
@@ -1070,15 +1080,31 @@
     }
 
     public void finalizeSecureContainer(String id) throws IllegalStateException {
+        if (mContext.checkCallingOrSelfPermission(
+                android.Manifest.permission.ASEC_CREATE)
+                != PackageManager.PERMISSION_GRANTED) {
+            throw new SecurityException("Requires ASEC_CREATE permission");
+        }
         mConnector.doCommand(String.format("finalize_asec %s", id));
     }
 
     public void destroySecureContainer(String id) throws IllegalStateException {
+        if (mContext.checkCallingOrSelfPermission(
+                android.Manifest.permission.ASEC_DESTROY)
+                != PackageManager.PERMISSION_GRANTED) {
+            throw new SecurityException("Requires ASEC_DESTROY permission");
+        }
         mConnector.doCommand(String.format("destroy_asec %s", id));
     }
    
     public String mountSecureContainer(String id, String key,
                                        int ownerUid) throws IllegalStateException {
+        if (mContext.checkCallingOrSelfPermission(
+                android.Manifest.permission.ASEC_MOUNT_UNMOUNT)
+                != PackageManager.PERMISSION_GRANTED) {
+            throw new SecurityException("Requires ASEC_MOUNT_UNMOUNT permission");
+        }
+        mConnector.doCommand(String.format("destroy_asec %s", id));
         String cmd = String.format("mount_asec %s %s %d",
                                    id, key, ownerUid);
         mConnector.doCommand(cmd);
@@ -1086,16 +1112,31 @@
     }
 
     public void unmountSecureContainer(String id) throws IllegalStateException {
+        if (mContext.checkCallingOrSelfPermission(
+                android.Manifest.permission.ASEC_MOUNT_UNMOUNT)
+                != PackageManager.PERMISSION_GRANTED) {
+            throw new SecurityException("Requires ASEC_MOUNT_UNMOUNT permission");
+        }
         String cmd = String.format("unmount_asec %s", id);
         mConnector.doCommand(cmd);
     }
 
     public void renameSecureContainer(String oldId, String newId) throws IllegalStateException {
+        if (mContext.checkCallingOrSelfPermission(
+                android.Manifest.permission.ASEC_RENAME)
+                != PackageManager.PERMISSION_GRANTED) {
+            throw new SecurityException("Requires ASEC_RENAME permission");
+        }
         String cmd = String.format("rename_asec %s %s", oldId, newId);
         mConnector.doCommand(cmd);
     }
 
     public String getSecureContainerPath(String id) throws IllegalStateException {
+        if (mContext.checkCallingOrSelfPermission(
+                android.Manifest.permission.ASEC_ACCESS)
+                != PackageManager.PERMISSION_GRANTED) {
+            throw new SecurityException("Requires ASEC_ACCESS permission");
+        }
         ArrayList<String> rsp = mConnector.doCommand("asec_path " + id);
 
         for (String line : rsp) {