Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e6d7ad52 authored by Shubham Ajmera's avatar Shubham Ajmera Committed by Andreas Gampe
Browse files

Drop capabilities in reconcileSecondaryDexFiles 

... while unlinking oat files.

(cherry picked from commit e5afdb57)

Test: adb shell cmd package reconcile-secondary-dex-files \
      com.android.google.gms

Bug: 64461549
Merged-In: Ib2c59686233faab22088fc40a706736feb9964ee
Change-Id: Ib2c59686233faab22088fc40a706736feb9964ee
parent e1d9b28a

cmds/installd/dexopt.cpp

+42 −28
Original line number Diff line number Diff line
@@ -1820,14 +1820,25 @@ bool reconcile_secondary_dex_file(const std::string& dex_path, 
        return false;

    }



    // As a security measure we want to unlink art artifacts with the reduced capabilities

    // of the package user id. So we fork and drop capabilities in the child.

    pid_t pid = fork();

    if (pid == 0) {

        // The secondary dex does not exist anymore. Clear any generated files.

        char oat_path[PKG_PATH_MAX];

        char oat_dir[PKG_PATH_MAX];

        char oat_isa_dir[PKG_PATH_MAX];

        bool result = true;

        /* child -- drop privileges before continuing */

        drop_capabilities(uid);

        for (size_t i = 0; i < isas.size(); i++) {

        if (!create_secondary_dex_oat_layout(dex_path, isas[i], oat_dir, oat_isa_dir, oat_path)) {

            LOG(ERROR) << "Could not create secondary odex layout: " << dex_path;

            if (!create_secondary_dex_oat_layout(dex_path,

                                                 isas[i],

                                                 oat_dir,

                                                 oat_isa_dir,

                                                 oat_path)) {

                LOG(ERROR) << "Could not create secondary odex layout: "

                           << dex_path;

                result = false;

                continue;

            }
@@ -1854,8 +1865,11 @@ bool reconcile_secondary_dex_file(const std::string& dex_path, 
            result = rmdir_if_empty(oat_isa_dir) && result;

            result = rmdir_if_empty(oat_dir) && result;

        }

        result ? _exit(0) : _exit(1);

    }



    return result;

    int return_code = wait_child(pid);

    return return_code == 0;

}



// Helper for move_ab, so that we can have common failure-case cleanup.