Public volumes belong to a single user.
When a public (vfat) device is inserted, it's strongly associated
with the current foreground user, and no other users should be able
to access it, since otherwise that would be a cross-user data leak.
To use the device under a different user, switch users and then
eject/remount the device.
Test: verified user isolation of USB drive
Bug: 32523490
Change-Id: I590c791996f1fea8d78f625dc942d149f1f41614
diff --git a/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java b/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java
index 393771a..d837988 100644
--- a/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java
+++ b/packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java
@@ -134,7 +134,8 @@
final VolumeInfo privateVol = mStorageManager.findPrivateForEmulated(volume);
title = mStorageManager.getBestVolumeDescription(privateVol);
}
- } else if (volume.getType() == VolumeInfo.TYPE_PUBLIC) {
+ } else if (volume.getType() == VolumeInfo.TYPE_PUBLIC
+ && volume.getMountUserId() == userId) {
rootId = volume.getFsUuid();
title = mStorageManager.getBestVolumeDescription(volume);
} else {
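Review bot: The new `volume.getMountUserId() == userId` condition on the `TYPE_PUBLIC` branch carries no comment saying that a public volume mounted for another user is deliberately sent to the trailing `else`, so a later reader could mistake it for an unsupported-volume case. I would add above the branch `// Public volumes are tied to the user that was in the foreground at mount time; hide them from every other user's roots.` The body of that `else`, and the enclosing method, lie outside this hunk, so it is worth confirming that the skipped volume is neither reported as an error nor left behind as a stale root. This check only filters the provider's root list; whether path-level access to the mount is also restricted per user is decided elsewhere and is not visible in this diff.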
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index d10a457..91a38e9 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -169,6 +169,11 @@
}
@Override
+ public void onSwitchUser(int userHandle) {
+ mMountService.mCurrentUserId = userHandle;
+ }
+
+ @Override
public void onStartUser(int userHandle) {
mMountService.onStartUser(userHandle);
}
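Review bot: `onSwitchUser` assigns `mMountService.mCurrentUserId` directly, whereas the neighbouring `onStartUser` delegates to a MountService method. The field decides which user owns a newly inserted public volume, so its update deserves one named entry point. I would add a private `onSwitchUser(int userId)` to MountService that performs the assignment and call `mMountService.onSwitchUser(userHandle);` here, giving any later validation or logging of the ownership change a single place to live. The Lifecycle class continues outside the hunk.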
@@ -307,6 +312,8 @@
@GuardedBy("mLock")
private String mMoveTargetUuid;
+ private volatile int mCurrentUserId = UserHandle.USER_OWNER;
+
private VolumeInfo findVolumeByIdOrThrow(String id) {
synchronized (mLock) {
final VolumeInfo vol = mVolumes.get(id);
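Review bot: `mCurrentUserId` is declared directly beneath a `@GuardedBy("mLock")` field but is itself `volatile` and carries no annotation, and nothing explains the difference. I would add a comment such as `// Foreground user, updated from onSwitchUser(); decides the owner of public volumes created afterwards.` The `UserHandle.USER_OWNER` initial value presumably relies on the owner being in the foreground until the first switch callback arrives. That assumption should be stated in the comment and confirmed for volumes already present when the service starts.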
@@ -1183,7 +1190,7 @@
vol.mountFlags |= VolumeInfo.MOUNT_FLAG_VISIBLE;
}
- vol.mountUserId = UserHandle.USER_OWNER;
+ vol.mountUserId = mCurrentUserId;
mHandler.obtainMessage(H_VOLUME_MOUNT, vol).sendToTarget();
} else if (vol.type == VolumeInfo.TYPE_PRIVATE) {
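Review bot: `vol.mountUserId = mCurrentUserId` samples the foreground user when the volume record is prepared, while the mount itself is posted through `H_VOLUME_MOUNT` and handled afterwards. A device inserted while a user switch is in progress could therefore be bound to the outgoing user, depending on when `onSwitchUser` is delivered relative to this line. Since this binding is the isolation boundary the commit describes, I would document the intended behaviour here, e.g. `// Bind to the user in the foreground when the device was detected; a later switch does not rebind, the user must eject and remount.` A log line recording the volume id and the chosen user id at this point would make a wrong binding diagnosable. The enclosing method starts and ends outside the hunk.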