Loading cmds/installd/commands.c +1 −0 Original line number Diff line number Diff line Loading @@ -30,6 +30,7 @@ dir_rec_t android_app_dir; dir_rec_t android_app_private_dir; dir_rec_t android_app_lib_dir; dir_rec_t android_media_dir; dir_rec_t android_mnt_expand_dir; dir_rec_array_t android_system_dirs; int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo) Loading cmds/installd/installd.c +5 −0 Original line number Diff line number Diff line Loading @@ -352,6 +352,11 @@ int initialize_globals() { return -1; } // Get the android external app directory. if (get_path_from_string(&android_mnt_expand_dir, "/mnt/expand") < 0) { return -1; } // Take note of the system and vendor directories. android_system_dirs.count = 4; Loading cmds/installd/installd.h +2 −1 Original line number Diff line number Diff line Loading @@ -101,6 +101,7 @@ extern dir_rec_t android_app_lib_dir; extern dir_rec_t android_data_dir; extern dir_rec_t android_asec_dir; extern dir_rec_t android_media_dir; extern dir_rec_t android_mnt_expand_dir; extern dir_rec_array_t android_system_dirs; typedef struct cache_dir_struct { Loading cmds/installd/utils.c +8 −4 Original line number Diff line number Diff line Loading @@ -910,14 +910,14 @@ void finish_cache_collection(cache_t* cache) * The path is allowed to have at most one subdirectory and no indirections * to top level directories (i.e. have ".."). */ static int validate_path(const dir_rec_t* dir, const char* path) { static int validate_path(const dir_rec_t* dir, const char* path, int maxSubdirs) { size_t dir_len = dir->len; const char* subdir = strchr(path + dir_len, '/'); // Only allow the path to have at most one subdirectory. if (subdir != NULL) { ++subdir; if (strchr(subdir, '/') != NULL) { if ((--maxSubdirs == 0) && strchr(subdir, '/') != NULL) { ALOGE("invalid apk path '%s' (subdir?)\n", path); return -1; } Loading @@ -942,7 +942,7 @@ int validate_system_app_path(const char* path) { for (i = 0; i < android_system_dirs.count; i++) { const size_t dir_len = android_system_dirs.dirs[i].len; if (!strncmp(path, android_system_dirs.dirs[i].path, dir_len)) { return validate_path(android_system_dirs.dirs + i, path); return validate_path(android_system_dirs.dirs + i, path, 1); } } Loading Loading @@ -1042,6 +1042,7 @@ int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) { int validate_apk_path(const char *path) { const dir_rec_t* dir = NULL; int maxSubdirs = 1; if (!strncmp(path, android_app_dir.path, android_app_dir.len)) { dir = &android_app_dir; Loading @@ -1049,11 +1050,14 @@ int validate_apk_path(const char *path) dir = &android_app_private_dir; } else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) { dir = &android_asec_dir; } else if (!strncmp(path, android_mnt_expand_dir.path, android_mnt_expand_dir.len)) { dir = &android_mnt_expand_dir; maxSubdirs = 2; } else { return -1; } return validate_path(dir, path); return validate_path(dir, path, maxSubdirs); } int append_and_increment(char** dst, const char* src, size_t* dst_size) { Loading Loading
cmds/installd/commands.c +1 −0 Original line number Diff line number Diff line Loading @@ -30,6 +30,7 @@ dir_rec_t android_app_dir; dir_rec_t android_app_private_dir; dir_rec_t android_app_lib_dir; dir_rec_t android_media_dir; dir_rec_t android_mnt_expand_dir; dir_rec_array_t android_system_dirs; int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo) Loading
cmds/installd/installd.c +5 −0 Original line number Diff line number Diff line Loading @@ -352,6 +352,11 @@ int initialize_globals() { return -1; } // Get the android external app directory. if (get_path_from_string(&android_mnt_expand_dir, "/mnt/expand") < 0) { return -1; } // Take note of the system and vendor directories. android_system_dirs.count = 4; Loading
cmds/installd/installd.h +2 −1 Original line number Diff line number Diff line Loading @@ -101,6 +101,7 @@ extern dir_rec_t android_app_lib_dir; extern dir_rec_t android_data_dir; extern dir_rec_t android_asec_dir; extern dir_rec_t android_media_dir; extern dir_rec_t android_mnt_expand_dir; extern dir_rec_array_t android_system_dirs; typedef struct cache_dir_struct { Loading
cmds/installd/utils.c +8 −4 Original line number Diff line number Diff line Loading @@ -910,14 +910,14 @@ void finish_cache_collection(cache_t* cache) * The path is allowed to have at most one subdirectory and no indirections * to top level directories (i.e. have ".."). */ static int validate_path(const dir_rec_t* dir, const char* path) { static int validate_path(const dir_rec_t* dir, const char* path, int maxSubdirs) { size_t dir_len = dir->len; const char* subdir = strchr(path + dir_len, '/'); // Only allow the path to have at most one subdirectory. if (subdir != NULL) { ++subdir; if (strchr(subdir, '/') != NULL) { if ((--maxSubdirs == 0) && strchr(subdir, '/') != NULL) { ALOGE("invalid apk path '%s' (subdir?)\n", path); return -1; } Loading @@ -942,7 +942,7 @@ int validate_system_app_path(const char* path) { for (i = 0; i < android_system_dirs.count; i++) { const size_t dir_len = android_system_dirs.dirs[i].len; if (!strncmp(path, android_system_dirs.dirs[i].path, dir_len)) { return validate_path(android_system_dirs.dirs + i, path); return validate_path(android_system_dirs.dirs + i, path, 1); } } Loading Loading @@ -1042,6 +1042,7 @@ int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) { int validate_apk_path(const char *path) { const dir_rec_t* dir = NULL; int maxSubdirs = 1; if (!strncmp(path, android_app_dir.path, android_app_dir.len)) { dir = &android_app_dir; Loading @@ -1049,11 +1050,14 @@ int validate_apk_path(const char *path) dir = &android_app_private_dir; } else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) { dir = &android_asec_dir; } else if (!strncmp(path, android_mnt_expand_dir.path, android_mnt_expand_dir.len)) { dir = &android_mnt_expand_dir; maxSubdirs = 2; } else { return -1; } return validate_path(dir, path); return validate_path(dir, path, maxSubdirs); } int append_and_increment(char** dst, const char* src, size_t* dst_size) { Loading
