Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 172fac04 authored by Jeff Sharkey's avatar Jeff Sharkey Committed by Andreas Gampe
Browse files

Fix bug in directory depth counting. 

The path "dir//file" has the same depth as "dir/file".  Also verify
with local unit tests.

(cherry picked from commit b92de07b)

Test: /data/nativetest64/installd_utils_test/installd_utils_test
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67471251
Merged-In: Iab35b4fe5591ddd42a7121b630cffcd94ad23c40
Change-Id: Iab35b4fe5591ddd42a7121b630cffcd94ad23c40
parent 7e01b2b1

cmds/installd/tests/installd_utils_test.cpp

+24 −6
Original line number Diff line number Diff line
@@ -168,12 +168,6 @@ TEST_F(UtilsTest, IsValidApkPath_EscapeFail) { 
            << badasec1 << " should be rejected as a invalid path";

}



TEST_F(UtilsTest, IsValidApkPath_DoubleSlashFail) {

    const char *badasec2 = TEST_ASEC_DIR "com.example.asec//pkg.apk";

    EXPECT_EQ(-1, validate_apk_path(badasec2))

            << badasec2 << " should be rejected as a invalid path";

}



TEST_F(UtilsTest, IsValidApkPath_SubdirEscapeFail) {

    const char *badasec3 = TEST_ASEC_DIR "com.example.asec/../../../pkg.apk";

    EXPECT_EQ(-1, validate_apk_path(badasec3))
@@ -451,5 +445,29 @@ TEST_F(UtilsTest, ValidateSecondaryDexFilesPath) { 
        package_name, app_dir_ce_user_10 + "/" + too_long, app_uid_for_user_10, FLAG_STORAGE_CE);

}



TEST_F(UtilsTest, ValidateApkPath) {

    EXPECT_EQ(0, validate_apk_path("/data/app/com.example"));

    EXPECT_EQ(0, validate_apk_path("/data/app/com.example/file"));

    EXPECT_EQ(0, validate_apk_path("/data/app/com.example//file"));

    EXPECT_NE(0, validate_apk_path("/data/app/com.example/dir/"));

    EXPECT_NE(0, validate_apk_path("/data/app/com.example/dir/file"));

    EXPECT_NE(0, validate_apk_path("/data/app/com.example/dir/dir/file"));

    EXPECT_NE(0, validate_apk_path("/data/app/com.example/dir/dir//file"));

    EXPECT_NE(0, validate_apk_path("/data/app/com.example/dir/dir/dir/file"));

    EXPECT_NE(0, validate_apk_path("/data/app/com.example/dir/dir/dir//file"));

}



TEST_F(UtilsTest, ValidateApkPathSubdirs) {

    EXPECT_EQ(0, validate_apk_path_subdirs("/data/app/com.example"));

    EXPECT_EQ(0, validate_apk_path_subdirs("/data/app/com.example/file"));

    EXPECT_EQ(0, validate_apk_path_subdirs("/data/app/com.example//file"));

    EXPECT_EQ(0, validate_apk_path_subdirs("/data/app/com.example/dir/"));

    EXPECT_EQ(0, validate_apk_path_subdirs("/data/app/com.example/dir/file"));

    EXPECT_EQ(0, validate_apk_path_subdirs("/data/app/com.example/dir/dir/file"));

    EXPECT_EQ(0, validate_apk_path_subdirs("/data/app/com.example/dir/dir//file"));

    EXPECT_NE(0, validate_apk_path_subdirs("/data/app/com.example/dir/dir/dir/file"));

    EXPECT_NE(0, validate_apk_path_subdirs("/data/app/com.example/dir/dir/dir//file"));

}



}  // namespace installd

}  // namespace android

cmds/installd/utils.cpp

+5 −2
Original line number Diff line number Diff line
@@ -756,9 +756,12 @@ static int validate_path(const std::string& dir, const std::string& path, int ma 
    auto pos = path.find('/', dir.size());

    int count = 0;

    while (pos != std::string::npos) {

        pos = path.find('/', pos + 1);

        auto next = path.find('/', pos + 1);

        if (next > pos + 1) {

            count++;

        }

        pos = next;

    }



    if (count > maxSubdirs) {

        LOG(ERROR) << "Invalid path depth " << path << " when tested against " << dir;