Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 43ea1c58 authored by Jeff Sharkey's avatar Jeff Sharkey Committed by The Android Automerger
Browse files

Be strict, but not that strict. 

Certain apps decide that they want to chmod() their private data
directories to gain more security.  We still want to carefully
enforce owner UID/GID, but relax the mode check for now.

Bug: 26549892
Change-Id: I362d530ba0b20fb23f427ac082ee003864adc57d
parent 7a31be6e

include/cutils/fs.h

+1 −1
Original line number Diff line number Diff line
@@ -47,7 +47,7 @@ extern int fs_prepare_dir(const char* path, mode_t mode, uid_t uid, gid_t gid); 


/*

 * Ensure that directory exists with given mode and owners.  If it exists

 * with a different mode or owners, they are not fixed and -1 is returned.

 * with different owners, they are not fixed and -1 is returned.

 */

extern int fs_prepare_dir_strict(const char* path, mode_t mode, uid_t uid, gid_t gid);

libcutils/fs.c

+12 −3
Original line number Diff line number Diff line
@@ -55,13 +55,22 @@ static int fs_prepare_dir_impl(const char* path, mode_t mode, uid_t uid, gid_t g 
        ALOGE("Not a directory: %s", path);

        return -1;

    }

    if (((sb.st_mode & ALL_PERMS) == mode) && (sb.st_uid == uid) && (sb.st_gid == gid)) {

    int owner_match = ((sb.st_uid == uid) && (sb.st_gid == gid));

    int mode_match = ((sb.st_mode & ALL_PERMS) == mode);

    if (owner_match && mode_match) {

        return 0;

    } else if (allow_fixup) {

        goto fixup;

    } else {

        ALOGE("Path %s exists with unexpected permissions", path);

        if (!owner_match) {

            ALOGE("Expected path %s with owner %d:%d but found %d:%d",

                    path, uid, gid, sb.st_uid, sb.st_gid);

            return -1;

        } else {

            ALOGW("Expected path %s with mode %o but found %o",

                    path, mode, (sb.st_mode & ALL_PERMS));

            return 0;

        }

    }



create: