
Commit 495157b0 authored by Calin Juravle's avatar Calin Juravle Committed by Android (Google) Code Review

Merge "Adjust the validation code for secondary dex paths" into oc-mr1-dev

parents fcc70bdc 9cd45602
+7 −1
@@ -1796,8 +1796,14 @@ bool reconcile_secondary_dex_file(const std::string& dex_path,
    }

    const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();

    // Note that we cannot validate the package path here because the file might not exist
    // and we cannot call realpath to resolve system symlinks. Since /data/user/0 symlinks to
    // /data/data/ a lot of validations will fail if we attempt to check the package path.
    // It is still ok to be more relaxed because any file removal is done after forking and
    // dropping capabilities.
    if (!validate_secondary_dex_path(pkgname.c_str(), dex_path.c_str(), volume_uuid_cstr,
            uid, storage_flag)) {
            uid, storage_flag, /*validate_package_path*/ false)) {
        LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
        return false;
    }
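Review bot: The call in reconcile_secondary_dex_file now passes `/*validate_package_path*/ false`, so dex_path is no longer required to lie under the package's data directory, and the only safeguard named is the comment's statement that removal happens after forking and dropping capabilities. The fork and capability drop are not visible in this hunk, so the comment should spell the invariant out where it is relied on, for example `// Invariant: dex_path must not be opened, stat'ed or unlinked in this process before the fork and capability drop below.` That way a later edit which touches the path earlier in the privileged parent is caught in review. The function body starts and continues outside the hunk, so whether any such access already exists cannot be confirmed from here.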
+13 −10
@@ -801,7 +801,7 @@ int validate_system_app_path(const char* path) {
}

bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,
        const char* volume_uuid, int uid, int storage_flag) {
        const char* volume_uuid, int uid, int storage_flag, bool validate_package_path) {
    CHECK(storage_flag == FLAG_STORAGE_CE || storage_flag == FLAG_STORAGE_DE);

    // Empty paths are not allowed.
@@ -815,7 +815,9 @@ bool validate_secondary_dex_path(const std::string& pkgname, const std::string&
    // The path should be at most PKG_PATH_MAX long.
    if (dex_path.size() > PKG_PATH_MAX) { return false; }

    // The dex_path should be under the app data directory.
    if (validate_package_path) {
        // If we are asked to validate the package path check that
        // the dex_path is under the app data directory.
        std::string app_private_dir = storage_flag == FLAG_STORAGE_CE
            ? create_data_user_ce_package_path(
                    volume_uuid, multiuser_get_user_id(uid), pkgname.c_str())
@@ -825,6 +827,7 @@ bool validate_secondary_dex_path(const std::string& pkgname, const std::string&
        if (strncmp(dex_path.c_str(), app_private_dir.c_str(), app_private_dir.size()) != 0) {
            return false;
        }
    }

    // If we got here we have a valid path.
    return true;
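Review bot: The containment check kept inside the new `if (validate_package_path)` block is a raw prefix match, `strncmp(dex_path.c_str(), app_private_dir.c_str(), app_private_dir.size())`, which also accepts a path in a sibling directory whose name merely begins with the package name. That holds unless the `create_data_user_*_package_path` helpers return a path ending in `/`, which these hunks do not show. If they do not, the prefix test should also require a separator right after the prefix: `if (dex_path[app_private_dir.size()] != '/') { return false; }`. Indexing there is safe because the strncmp match guarantees dex_path is at least that long. The new parameter would also benefit from a short comment at the definition stating that `false` skips only this containment check and leaves the emptiness and length checks in force. The function body continues past the last hunk.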
+1 −1
@@ -125,7 +125,7 @@ std::string read_path_inode(const std::string& parent, const char* name, const c

int validate_system_app_path(const char* path);
bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,
        const char* volume_uuid, int uid, int storage_flag);
        const char* volume_uuid, int uid, int storage_flag, bool validate_package_path = true);

int get_path_from_env(dir_rec_t* rec, const char* var);