Skip to content
This repository has been archived by the owner on Sep 6, 2019. It is now read-only.

Commit

Permalink
Fixed inet, media and sdcard always on demand restricting
Browse files Browse the repository at this point in the history
Fixes #1722
  • Loading branch information
M66B committed Jun 16, 2014
1 parent 74aad42 commit c25b18e
Show file tree
Hide file tree
Showing 3 changed files with 37 additions and 36 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ Changelog

* Fixed applying template restricting dangerous functions ([issue](/../../issues/1728))
* Applying template with on demand restricting will enabled on demand restricting setting ([issue](/../../issues/1727))
* Fixed *inet*, *media* and *sdcard* always on demand restricting ([issue](/../../issues/1722))

[Open issues](https://github.com/M66B/XPrivacy/issues?state=open)

Expand Down
4 changes: 2 additions & 2 deletions res/values/functions.xml
Original file line number Diff line number Diff line change
Expand Up @@ -239,8 +239,8 @@
<string name="shell_start" translatable="false"><![CDATA[<a href="https://developer.android.com/reference/java/lang/ProcessBuilder.html#start()">Google documentation</a>]]></string>

<!-- storage -->
<string name="storage_media" translatable="false"><![CDATA[Will restrict access to secondary external storage(s) (<a href="http://www.chainfire.eu/articles/113/Is_Google_blocking_apps_writing_to_SD_cards_/">article</a>)]]></string>
<string name="storage_sdcard" translatable="false"><![CDATA[Will restrict access to primary external storage (<a href="http://www.chainfire.eu/articles/113/Is_Google_blocking_apps_writing_to_SD_cards_/">article</a>)<br /><br /><a href="http://developer.android.com/reference/android/Manifest.permission.html#READ_EXTERNAL_STORAGE">Google documentation</a>]]></string>
<string name="storage_media" translatable="false"><![CDATA[Will restrict access to secondary external storage(s) (<a href="http://www.doubleencore.com/2014/03/android-external-storage/">article</a>)]]></string>
<string name="storage_sdcard" translatable="false"><![CDATA[Will restrict access to primary external storage (<a href="http://www.doubleencore.com/2014/03/android-external-storage/">article</a>)<br /><br /><a href="http://developer.android.com/reference/android/Manifest.permission.html#READ_EXTERNAL_STORAGE">Google documentation</a>]]></string>
<string name="storage_getExternalStorageState" translatable="false"><![CDATA[<a href="https://developer.android.com/reference/android/os/Environment.html#getExternalStorageState()">Google documentation</a>]]></string>
<string name="storage_open" translatable="false"><![CDATA[Will restrict access to files on the SD card (or internal storage for devices without)]]></string>

Expand Down
68 changes: 34 additions & 34 deletions src/biz/bokhorst/xprivacy/XProcess.java
Original file line number Diff line number Diff line change
Expand Up @@ -61,54 +61,54 @@ public static List<XHook> getInstances() {
// frameworks/base/data/etc/platform.xml

// http://www.doubleencore.com/2014/03/android-external-storage/
// http://www.chainfire.eu/articles/113/Is_Google_blocking_apps_writing_to_SD_cards_/
// https://android.googlesource.com/platform/system/core/+/dfe0cba
// https://android.googlesource.com/platform/system/core/+/master/sdcard/sdcard.c

@Override
protected void before(XParam param) throws Throwable {
if (mMethod == Methods.startViaZygote) {
if (param.args.length >= 5) {
// Check if restricted
// Get IDs
int uid = (Integer) param.args[2];
if (getRestricted(uid, mAction)) {
// Get group IDs
int[] gids = (int[]) param.args[4];
if (gids == null)
return;

// Build list of modified gids
List<Integer> listGids = new ArrayList<Integer>();
for (int i = 0; i < gids.length; i++) {
if (gids[i] == media_rw)
if (!(mRestrictionName.equals(PrivacyManager.cStorage) && mAction.equals("media")))
listGids.add(gids[i]);
else
Util.log(this, Log.INFO, "Revoking media_rw uid=" + uid);

else if (gids[i] == sdcard_r || gids[i] == sdcard_rw || gids[i] == sdcard_pics
|| gids[i] == sdcard_av || gids[i] == sdcard_all)
if (!(mRestrictionName.equals(PrivacyManager.cStorage) && mAction.equals("sdcard")))
listGids.add(gids[i]);
else
Util.log(this, Log.INFO, "Revoking sdcard_rw uid=" + uid);

else if (gids[i] == inet || gids[i] == inet_raw)
if (!(mRestrictionName.equals(PrivacyManager.cInternet)))
listGids.add(gids[i]);
else
Util.log(this, Log.INFO, "Revoking inet_raw uid=" + uid);
int[] gids = (int[]) param.args[4];
if (gids == null)
return;

// Build list of modified gids
List<Integer> listGids = new ArrayList<Integer>();
for (int i = 0; i < gids.length; i++) {
if (gids[i] == media_rw)
if (mRestrictionName.equals(PrivacyManager.cStorage) && mAction.equals("media")
&& getRestricted(uid, mAction))
Util.log(this, Log.INFO, "Revoking media_rw uid=" + uid);
else
listGids.add(gids[i]);

else if (gids[i] == sdcard_r || gids[i] == sdcard_rw || gids[i] == sdcard_pics
|| gids[i] == sdcard_av || gids[i] == sdcard_all)
if (mRestrictionName.equals(PrivacyManager.cStorage) && mAction.equals("sdcard")
&& getRestricted(uid, mAction))
Util.log(this, Log.INFO, "Revoking sdcard_rw uid=" + uid);
else
listGids.add(gids[i]);
}

// Proces list of modified gids
int[] mGids = new int[listGids.size()];
for (int i = 0; i < listGids.size(); i++)
mGids[i] = listGids.get(i);
else if (gids[i] == inet || gids[i] == inet_raw)
if (mRestrictionName.equals(PrivacyManager.cInternet) && getRestricted(uid, mAction))
Util.log(this, Log.INFO, "Revoking inet_raw uid=" + uid);
else
listGids.add(gids[i]);

param.args[4] = (mGids.length == 0 ? null : mGids);
else
listGids.add(gids[i]);
}

// Proces list of modified gids
int[] mGids = new int[listGids.size()];
for (int i = 0; i < listGids.size(); i++)
mGids[i] = listGids.get(i);

param.args[4] = (mGids.length == 0 ? null : mGids);
}
} else
Util.log(this, Log.WARN, "Unknown method=" + param.method.getName());
Expand Down

0 comments on commit c25b18e

Please sign in to comment.