
Commit 12ea24c3 authored by Calin Juravle's avatar Calin Juravle Committed by android-build-merger

Merge "Adjust the validation code for secondary dex paths" into oc-mr1-dev

am: 495157b0

Change-Id: I241735ef8fa01a0210582c145b26b4d50a713855
parents 64418b3b 495157b0
+7 −1
@@ -1805,8 +1805,14 @@ bool reconcile_secondary_dex_file(const std::string& dex_path,
    }

    const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();

    // Note that we cannot validate the package path here because the file might not exist
    // and we cannot call realpath to resolve system symlinks. Since /data/user/0 symlinks to
    // /data/data/ a lot of validations will fail if we attempt to check the package path.
    // It is still ok to be more relaxed because any file removal is done after forking and
    // dropping capabilities.
    if (!validate_secondary_dex_path(pkgname.c_str(), dex_path.c_str(), volume_uuid_cstr,
            uid, storage_flag)) {
            uid, storage_flag, /*validate_package_path*/ false)) {
        LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
        return false;
    }
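Review bot: The new comment justifies `/*validate_package_path*/ false` only by where file removal happens, but with that check off nothing in this call ties `dex_path` to `pkgname`'s data directory. If any code in `reconcile_secondary_dex_file` touches `dex_path` before the fork (the rest of the function is outside this hunk), it would do so with installd's privileges on a path that passed only the remaining checks. I would extend the comment to state that invariant, e.g. `// dex_path is NOT confined to the package dir here; do not open, stat or unlink it before forking and dropping capabilities.`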
+13 −10
@@ -801,7 +801,7 @@ int validate_system_app_path(const char* path) {
}

bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,
        const char* volume_uuid, int uid, int storage_flag) {
        const char* volume_uuid, int uid, int storage_flag, bool validate_package_path) {
    CHECK(storage_flag == FLAG_STORAGE_CE || storage_flag == FLAG_STORAGE_DE);

    // Empty paths are not allowed.
@@ -815,7 +815,9 @@ bool validate_secondary_dex_path(const std::string& pkgname, const std::string&
    // The path should be at most PKG_PATH_MAX long.
    if (dex_path.size() > PKG_PATH_MAX) { return false; }

    // The dex_path should be under the app data directory.
    if (validate_package_path) {
        // If we are asked to validate the package path check that
        // the dex_path is under the app data directory.
        std::string app_private_dir = storage_flag == FLAG_STORAGE_CE
            ? create_data_user_ce_package_path(
                    volume_uuid, multiuser_get_user_id(uid), pkgname.c_str())
@@ -825,6 +827,7 @@ bool validate_secondary_dex_path(const std::string& pkgname, const std::string&
        if (strncmp(dex_path.c_str(), app_private_dir.c_str(), app_private_dir.size()) != 0) {
            return false;
        }
    }

    // If we got here we have a valid path.
    return true;
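Review bot: The `strncmp` prefix comparison inside the new `if (validate_package_path)` block does not check that the match ends on a path-component boundary. If `create_data_user_ce_package_path` and its DE counterpart return the directory without a trailing slash (their output is not visible here), a `dex_path` under a sibling package whose name merely starts with `pkgname` would also pass. Consider following the comparison with `if (dex_path.size() <= app_private_dir.size() || dex_path[app_private_dir.size()] != '/') { return false; }`. The body of `validate_secondary_dex_path` extends beyond the hunks shown.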
+1 −1
@@ -125,7 +125,7 @@ std::string read_path_inode(const std::string& parent, const char* name, const c

int validate_system_app_path(const char* path);
bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,
        const char* volume_uuid, int uid, int storage_flag);
        const char* volume_uuid, int uid, int storage_flag, bool validate_package_path = true);

int get_path_from_env(dir_rec_t* rec, const char* var);
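Review bot: The declaration gains `bool validate_package_path = true` without a comment, so the header does not say that passing `false` skips the check that `dex_path` lies under the package's data directory. A short comment above the declaration would make that explicit, e.g. `// validate_package_path: when false, dex_path is not required to be under the app's CE/DE data dir; only the other path checks run.` Defaulting to `true` keeps existing callers on the strict behaviour.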