Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a3db3622 authored by Nick Kralevich's avatar Nick Kralevich Committed by Android Git Automerger
Browse files

am f40c1fe5: am 3dd3de03: Merge "installd: change profile files to 0660"

* commit 'f40c1fe5':
  installd: change profile files to 0660
parents f15b30a4 f40c1fe5
Loading
Loading
Loading
Loading
+6 −29
Original line number Original line Diff line number Diff line
@@ -1036,50 +1036,27 @@ int ensure_config_user_dirs(userid_t userid) {


int create_profile_file(const char *pkgname, gid_t gid) {
int create_profile_file(const char *pkgname, gid_t gid) {
    const char *profile_dir = DALVIK_CACHE_PREFIX "profiles";
    const char *profile_dir = DALVIK_CACHE_PREFIX "profiles";
    struct stat profileStat;
    char profile_file[PKG_PATH_MAX];
    char profile_file[PKG_PATH_MAX];


    // If we don't have a profile directory under dalvik-cache we need to create one.
    if (stat(profile_dir, &profileStat) < 0) {
        // Create the profile directory under dalvik-cache.
        if (mkdir(profile_dir, 0711) < 0) {
            ALOGE("cannot make profile dir '%s': %s\n", profile_dir, strerror(errno));
            return -1;
        }

        // Make the profile directory write-only for group and other. Owner can rwx it.
        if (chmod(profile_dir, 0711) < 0) {
            ALOGE("cannot chown profile dir '%s': %s\n", profile_dir, strerror(errno));
            rmdir(profile_dir);
            return -1;
        }

        if (selinux_android_restorecon(profile_dir, 0) < 0) {
            ALOGE("cannot restorecon profile dir '%s': %s\n", profile_dir, strerror(errno));
            rmdir(profile_dir);
            return -1;
        }
    }

    snprintf(profile_file, sizeof(profile_file), "%s/%s", profile_dir, pkgname);
    snprintf(profile_file, sizeof(profile_file), "%s/%s", profile_dir, pkgname);


    // The 'system' user needs to be able to read the profile to determine if dex2oat
    // The 'system' user needs to be able to read the profile to determine if dex2oat
    // needs to be run.  This is done in dalvik.system.DexFile.isDexOptNeededInternal().  So
    // needs to be run.  This is done in dalvik.system.DexFile.isDexOptNeededInternal().  So
    // we make it world readable.  Not a problem since the dalvik cache is world
    // we assign ownership to AID_SYSTEM and ensure it's not world-readable.
    // readable anyway.


    int fd = open(profile_file, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0664);
    int fd = open(profile_file, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0660);


    // Open will fail if the file already exists.  We want to ignore that.
    // Always set the uid/gid/permissions. The file could have been previously created
    // with different permissions.
    if (fd >= 0) {
    if (fd >= 0) {
        if (fchown(fd, -1, gid) < 0) {
        if (fchown(fd, AID_SYSTEM, gid) < 0) {
            ALOGE("cannot chown profile file '%s': %s\n", profile_file, strerror(errno));
            ALOGE("cannot chown profile file '%s': %s\n", profile_file, strerror(errno));
            close(fd);
            close(fd);
            unlink(profile_file);
            unlink(profile_file);
            return -1;
            return -1;
        }
        }


        if (fchmod(fd, 0664) < 0) {
        if (fchmod(fd, 0660) < 0) {
            ALOGE("cannot chmod profile file '%s': %s\n", profile_file, strerror(errno));
            ALOGE("cannot chmod profile file '%s': %s\n", profile_file, strerror(errno));
            close(fd);
            close(fd);
            unlink(profile_file);
            unlink(profile_file);