Fix for: clearAppProfiles interface can cause arbitrary file truncate (df2fb613) · Commits · e / os / platform_frameworks_native

cmds/installd/InstalldNativeService.cpp

+6 −0

Original line number	Diff line number	Diff line
		@@ -1028,6 +1028,12 @@ binder::Status InstalldNativeService::clearAppProfiles(const std::string& packag
		const std::string& profileName) {
		ENFORCE_UID(AID_SYSTEM);
		CHECK_ARGUMENT_PACKAGE_NAME(packageName);
		CHECK_ARGUMENT_FILE_NAME(profileName);
		if (!base::EndsWith(profileName, ".prof")) {
		return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
		StringPrintf("Profile name %s does not end with .prof",
		profileName.c_str()));
		}
		LOCK_PACKAGE();

		binder::Status res = ok();

+17 −0

Original line number	Diff line number	Diff line
		@@ -1293,6 +1293,23 @@ TEST_F(ProfileTest, ProfilePrepareFailProfileChangedUid) {
		preparePackageProfile(package_name_, "primary.prof", /expected_result/ false);
		}

		TEST_F(ProfileTest, ClearAppProfilesOk) {
		LOG(INFO) << "ClearAppProfilesOk";

		ASSERT_BINDER_SUCCESS(service_->clearAppProfiles(package_name_, "primary.prof"));
		ASSERT_BINDER_SUCCESS(service_->clearAppProfiles(package_name_, "image_editor.split.prof"));
		}

		TEST_F(ProfileTest, ClearAppProfilesFailWrongProfileName) {
		LOG(INFO) << "ClearAppProfilesFailWrongProfileName";

		ASSERT_BINDER_FAIL(
		service_->clearAppProfiles(package_name_,
		"../../../../dalvik-cache/arm64/"
		"system@app@SecureElement@SecureElement.apk@classes.vdex"));
		ASSERT_BINDER_FAIL(service_->clearAppProfiles(package_name_, "image_editor.split.apk"));
		}

		TEST_F(ProfileTest, CopySystemProfileOk) {
		LOG(INFO) << "CopySystemProfileOk";