Media process should run with "write" access.
The WRITE_MEDIA_STORAGE permission had inadvertently been giving apps
the "default" view of storage. This had worked for a long since,
since we also gave them the "sdcard_rw" permission, but a recent
security patch broke this for secondary users.
Apps holding this permission should have been mounted "write" all
along, and relied on that view to access storage devices. This also
means they no longer need the "sdcard_rw" GID.
Test: builds, boots, secondary user media/camera works
Bug: 72732906, 71737806, 72224817
Change-Id: I5cd687a1e128024f33b4acd93c15e75192ed1c85
diff --git a/data/etc/platform.xml b/data/etc/platform.xml
index 04006b1..3021555 100644
--- a/data/etc/platform.xml
+++ b/data/etc/platform.xml
@@ -62,7 +62,6 @@
<permission name="android.permission.WRITE_MEDIA_STORAGE" >
<group gid="media_rw" />
- <group gid="sdcard_rw" />
</permission>
<permission name="android.permission.ACCESS_MTP" >
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index a0cb722..940d19f 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -20936,9 +20936,6 @@
if (Process.isIsolated(uid)) {
return Zygote.MOUNT_EXTERNAL_NONE;
}
- if (checkUidPermission(WRITE_MEDIA_STORAGE, uid) == PERMISSION_GRANTED) {
- return Zygote.MOUNT_EXTERNAL_DEFAULT;
- }
if (checkUidPermission(READ_EXTERNAL_STORAGE, uid) == PERMISSION_DENIED) {
return Zygote.MOUNT_EXTERNAL_DEFAULT;
}
