From c25b18ead79c00fbe02cea10c4ee45087237fd99 Mon Sep 17 00:00:00 2001
From: M66B <marcel@bokhorst.biz>
Date: Mon, 16 Jun 2014 06:48:59 +0200
Subject: [PATCH] Fixed inet, media and sdcard always on demand restricting

Fixes #1722
---
 CHANGELOG.md                            |  1 +
 res/values/functions.xml                |  4 +-
 src/biz/bokhorst/xprivacy/XProcess.java | 68 ++++++++++++-------------
 3 files changed, 37 insertions(+), 36 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ad3811db1..9c2e38153 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@ Changelog
 
 * Fixed applying template restricting dangerous functions ([issue](/../../issues/1728))
 * Applying template with on demand restricting will enabled on demand restricting setting ([issue](/../../issues/1727))
+* Fixed *inet*, *media* and *sdcard* always on demand restricting ([issue](/../../issues/1722))
 
 [Open issues](https://github.com/M66B/XPrivacy/issues?state=open)
 
diff --git a/res/values/functions.xml b/res/values/functions.xml
index fd37db4e3..bf2bacdf6 100644
--- a/res/values/functions.xml
+++ b/res/values/functions.xml
@@ -239,8 +239,8 @@
     <string name="shell_start" translatable="false"><![CDATA[<a href="https://developer.android.com/reference/java/lang/ProcessBuilder.html#start()">Google documentation</a>]]></string>
 
     <!-- storage -->
-    <string name="storage_media" translatable="false"><![CDATA[Will restrict access to secondary external storage(s) (<a href="http://www.chainfire.eu/articles/113/Is_Google_blocking_apps_writing_to_SD_cards_/">article</a>)]]></string>
-    <string name="storage_sdcard" translatable="false"><![CDATA[Will restrict access to primary external storage (<a href="http://www.chainfire.eu/articles/113/Is_Google_blocking_apps_writing_to_SD_cards_/">article</a>)<br /><br /><a href="http://developer.android.com/reference/android/Manifest.permission.html#READ_EXTERNAL_STORAGE">Google documentation</a>]]></string>
+    <string name="storage_media" translatable="false"><![CDATA[Will restrict access to secondary external storage(s) (<a href="http://www.doubleencore.com/2014/03/android-external-storage/">article</a>)]]></string>
+    <string name="storage_sdcard" translatable="false"><![CDATA[Will restrict access to primary external storage (<a href="http://www.doubleencore.com/2014/03/android-external-storage/">article</a>)<br /><br /><a href="http://developer.android.com/reference/android/Manifest.permission.html#READ_EXTERNAL_STORAGE">Google documentation</a>]]></string>
     <string name="storage_getExternalStorageState" translatable="false"><![CDATA[<a href="https://developer.android.com/reference/android/os/Environment.html#getExternalStorageState()">Google documentation</a>]]></string>
     <string name="storage_open" translatable="false"><![CDATA[Will restrict access to files on the SD card (or internal storage for devices without)]]></string>
 
diff --git a/src/biz/bokhorst/xprivacy/XProcess.java b/src/biz/bokhorst/xprivacy/XProcess.java
index ab8654602..40ae50dea 100644
--- a/src/biz/bokhorst/xprivacy/XProcess.java
+++ b/src/biz/bokhorst/xprivacy/XProcess.java
@@ -61,6 +61,7 @@ public static List<XHook> getInstances() {
 	// frameworks/base/data/etc/platform.xml
 
 	// http://www.doubleencore.com/2014/03/android-external-storage/
+	// http://www.chainfire.eu/articles/113/Is_Google_blocking_apps_writing_to_SD_cards_/
 	// https://android.googlesource.com/platform/system/core/+/dfe0cba
 	// https://android.googlesource.com/platform/system/core/+/master/sdcard/sdcard.c
 
@@ -68,47 +69,46 @@ public static List<XHook> getInstances() {
 	protected void before(XParam param) throws Throwable {
 		if (mMethod == Methods.startViaZygote) {
 			if (param.args.length >= 5) {
-				// Check if restricted
+				// Get IDs
 				int uid = (Integer) param.args[2];
-				if (getRestricted(uid, mAction)) {
-					// Get group IDs
-					int[] gids = (int[]) param.args[4];
-					if (gids == null)
-						return;
-
-					// Build list of modified gids
-					List<Integer> listGids = new ArrayList<Integer>();
-					for (int i = 0; i < gids.length; i++) {
-						if (gids[i] == media_rw)
-							if (!(mRestrictionName.equals(PrivacyManager.cStorage) && mAction.equals("media")))
-								listGids.add(gids[i]);
-							else
-								Util.log(this, Log.INFO, "Revoking media_rw uid=" + uid);
-
-						else if (gids[i] == sdcard_r || gids[i] == sdcard_rw || gids[i] == sdcard_pics
-								|| gids[i] == sdcard_av || gids[i] == sdcard_all)
-							if (!(mRestrictionName.equals(PrivacyManager.cStorage) && mAction.equals("sdcard")))
-								listGids.add(gids[i]);
-							else
-								Util.log(this, Log.INFO, "Revoking sdcard_rw uid=" + uid);
-
-						else if (gids[i] == inet || gids[i] == inet_raw)
-							if (!(mRestrictionName.equals(PrivacyManager.cInternet)))
-								listGids.add(gids[i]);
-							else
-								Util.log(this, Log.INFO, "Revoking inet_raw uid=" + uid);
+				int[] gids = (int[]) param.args[4];
+				if (gids == null)
+					return;
+
+				// Build list of modified gids
+				List<Integer> listGids = new ArrayList<Integer>();
+				for (int i = 0; i < gids.length; i++) {
+					if (gids[i] == media_rw)
+						if (mRestrictionName.equals(PrivacyManager.cStorage) && mAction.equals("media")
+								&& getRestricted(uid, mAction))
+							Util.log(this, Log.INFO, "Revoking media_rw uid=" + uid);
+						else
+							listGids.add(gids[i]);
 
+					else if (gids[i] == sdcard_r || gids[i] == sdcard_rw || gids[i] == sdcard_pics
+							|| gids[i] == sdcard_av || gids[i] == sdcard_all)
+						if (mRestrictionName.equals(PrivacyManager.cStorage) && mAction.equals("sdcard")
+								&& getRestricted(uid, mAction))
+							Util.log(this, Log.INFO, "Revoking sdcard_rw uid=" + uid);
 						else
 							listGids.add(gids[i]);
-					}
 
-					// Proces list of modified gids
-					int[] mGids = new int[listGids.size()];
-					for (int i = 0; i < listGids.size(); i++)
-						mGids[i] = listGids.get(i);
+					else if (gids[i] == inet || gids[i] == inet_raw)
+						if (mRestrictionName.equals(PrivacyManager.cInternet) && getRestricted(uid, mAction))
+							Util.log(this, Log.INFO, "Revoking inet_raw uid=" + uid);
+						else
+							listGids.add(gids[i]);
 
-					param.args[4] = (mGids.length == 0 ? null : mGids);
+					else
+						listGids.add(gids[i]);
 				}
+
+				// Proces list of modified gids
+				int[] mGids = new int[listGids.size()];
+				for (int i = 0; i < listGids.size(); i++)
+					mGids[i] = listGids.get(i);
+
+				param.args[4] = (mGids.length == 0 ? null : mGids);
 			}
 		} else
 			Util.log(this, Log.WARN, "Unknown method=" + param.method.getName());