Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3ef54f28 authored by George Burgess IV's avatar George Burgess IV
Browse files

Add permission bits to open calls with O_CREAT 

Open needs a third argument if you pass it O_CREAT:
https://linux.die.net/man/3/open

This turns into a compile-time error with FORITFY, so we need this fixed
before our unbroken FORTIFY can go in.

(The TEMP_FAILURE_RETRY open isn't detected by clang FORTIFY, but I
noticed that open_reference_profile potentially passes in O_CREAT as an
open_flag.)

Bug: 32073964
Test: Now builds with clang FORTIFY; CtsCompilationTestCases passes;
manually verified that /data/misc/profiles/ref/*/primary.prof has rw
permissions after a successful `cmd package compile -m speed-profile`.
Change-Id: Ie707d5ad403d2f86c769277b3e0f147c45000a6b
parent 70a5f120

cmds/installd/dexopt.cpp

+2 −2
Original line number Original line Diff line number Diff line
@@ -497,7 +497,7 @@ static fd_t open_primary_profile_file_from_dir(const std::string& profile_dir, m 
    fd_t profile_fd = -1;

    fd_t profile_fd = -1;

    std::string profile_file = create_primary_profile(profile_dir);

    std::string profile_file = create_primary_profile(profile_dir);





    profile_fd = TEMP_FAILURE_RETRY(open(profile_file.c_str(), open_mode | O_NOFOLLOW));

    profile_fd = TEMP_FAILURE_RETRY(open(profile_file.c_str(), open_mode | O_NOFOLLOW, 0600));

    if (profile_fd == -1) {

    if (profile_fd == -1) {

        // It's not an error if the profile file does not exist.

        // It's not an error if the profile file does not exist.

        if (errno != ENOENT) {

        if (errno != ENOENT) {
@@ -756,7 +756,7 @@ bool dump_profiles(int32_t uid, const char* pkgname, const char* code_paths) { 
        return false;

        return false;

    }

    }





    fd_t output_fd = open(out_file_name.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW);

    fd_t output_fd = open(out_file_name.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);

    if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {

    if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {

        ALOGE("installd cannot chmod '%s' dump_profile\n", out_file_name.c_str());

        ALOGE("installd cannot chmod '%s' dump_profile\n", out_file_name.c_str());

        return false;

        return false;