
Commit c3d9dce9 authored by Eric Biggers

installd: only delete contents of user's CE and DE dirs

The /data/user/$userId, /data/user_de/$userId, and /data/media/$userId
directories (or their /mnt/expand equivalents) are created by vold, so
they should be deleted by vold as well, and in fact that would already
happen except that installd deletes them recursively before vold gets to
it.  Change installd to delete just the contents of these directories.

This is a prerequisite to locking down the ability to create these
directories (https://r.android.com/2078213), which is needed to stop
subdirectories from accidentally being created too early.  Technically
we could achieve this goal without limiting delete access, as it's
create access that really matters, but having the operations be paired
properly is much cleaner.

Test: Created and deleted a user, and verified that all their
      directories still got deleted.
Bug: 156305599
Change-Id: I93f0f86df10829818d0becb65af31190dd008b3c
parent 27590051
+9 −6
@@ -1851,8 +1851,9 @@ binder::Status InstalldNativeService::destroyUserData(const std::optional<std::s
    binder::Status res = ok();
    if (flags & FLAG_STORAGE_DE) {
        auto path = create_data_user_de_path(uuid_, userId);
        if (delete_dir_contents_and_dir(path, true) != 0) {
            res = error("Failed to delete " + path);
        // Contents only, as vold is responsible for the user_de dir itself.
        if (delete_dir_contents(path, true) != 0) {
            res = error("Failed to delete contents of " + path);
        }
        auto sdk_sandbox_de_path =
                create_data_misc_sdk_sandbox_path(uuid_, /*isCeData=*/false, userId);
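Review bot: the rendered diff has lost its +/- markers, but the change in this hunk is the replacement of `delete_dir_contents_and_dir(path, true)` with `delete_dir_contents(path, true)`, which now leaves the /data/user_de/$userId directory itself in place for vold to remove. Correctness therefore depends on the vold side landing in the same build; if installd ships first, the user_de directory of a deleted user survives as an empty directory with its original ownership until vold catches up, and the Test line only covers a build where both sides are present. Suggest recording that dependency where the next reader will see it, e.g. `// Contents only, as vold is responsible for the user_de dir itself (b/156305599).` Separately, `res = error("Failed to delete contents of " + path);` is overwritten by any later `res = error(...)` in the same function, so only the last failure reaches the caller; if `delete_dir_contents` does not already log, consider logging the failed path here so a partial cleanup is diagnosable.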
@@ -1872,8 +1873,9 @@ binder::Status InstalldNativeService::destroyUserData(const std::optional<std::s
    }
    if (flags & FLAG_STORAGE_CE) {
        auto path = create_data_user_ce_path(uuid_, userId);
        if (delete_dir_contents_and_dir(path, true) != 0) {
            res = error("Failed to delete " + path);
        // Contents only, as vold is responsible for the user_ce dir itself.
        if (delete_dir_contents(path, true) != 0) {
            res = error("Failed to delete contents of " + path);
        }
        auto sdk_sandbox_ce_path =
                create_data_misc_sdk_sandbox_path(uuid_, /*isCeData=*/true, userId);
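Review bot: this CE block is now a line-for-line copy of the DE block above it, differing only in `create_data_user_ce_path` versus `create_data_user_de_path` and one word in the comment, and the media block below repeats the same contents-only deletion and error-string pattern a third time. A small local helper (hypothetical name, e.g. `deleteUserDirContents(res, path)`) that calls `delete_dir_contents(path, true)` and sets `res` on failure would keep the three error messages consistent and make any future change to the deletion semantics a single edit rather than three.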
@@ -1881,8 +1883,9 @@ binder::Status InstalldNativeService::destroyUserData(const std::optional<std::s
            res = error("Failed to delete " + sdk_sandbox_ce_path);
        }
        path = findDataMediaPath(uuid, userId);
        if (delete_dir_contents_and_dir(path, true) != 0) {
            res = error("Failed to delete " + path);
        // Contents only, as vold is responsible for the media dir itself.
        if (delete_dir_contents(path, true) != 0) {
            res = error("Failed to delete contents of " + path);
        }
    }
    return res;
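Review bot: `findDataMediaPath(uuid, userId)` is built from `uuid` while the CE and DE paths above use `uuid_`; that difference predates this change, but it is worth a second look while the line is being touched, because the /mnt/expand equivalents named in the commit message are exactly the case where the two could diverge, and the Test line does not say which volume the deleted user's directories were on. Suggest extending the test to a user whose media directory lives on an /mnt/expand volume, and carrying the bug id into the comment as for the other two blocks, e.g. `// Contents only, as vold is responsible for the media dir itself (b/156305599).`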