Change permissions of apps' home dir to 0700 for SDK > 23 (eecb2d20) · Commits · e / os / platform_frameworks_native

cmds/installd/commands.cpp

+8 −5

Original line number	Diff line number	Diff line
		@@ -51,12 +51,15 @@ namespace installd {

		static const char* kCpPath = "/system/bin/cp";

		#define MIN_RESTRICTED_HOME_SDK_VERSION 24 // > M

		int create_app_data(const char uuid, const char pkgname, userid_t userid, int flags,
		appid_t appid, const char* seinfo) {
		appid_t appid, const char* seinfo, int target_sdk_version) {
		uid_t uid = multiuser_get_uid(userid, appid);
		int target_mode = target_sdk_version >= MIN_RESTRICTED_HOME_SDK_VERSION ? 0700 : 0751;
		if (flags & FLAG_CE_STORAGE) {
		auto path = create_data_user_package_path(uuid, userid, pkgname);
		if (fs_prepare_dir_strict(path.c_str(), 0751, uid, uid) != 0) {
		if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) != 0) {
		PLOG(ERROR) << "Failed to prepare " << path;
		return -1;
		}
		@@ -67,7 +70,7 @@ int create_app_data(const char uuid, const char pkgname, userid_t userid, int
		}
		if (flags & FLAG_DE_STORAGE) {
		auto path = create_data_user_de_package_path(uuid, userid, pkgname);
		if (fs_prepare_dir_strict(path.c_str(), 0751, uid, uid) == -1) {
		if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) == -1) {
		PLOG(ERROR) << "Failed to prepare " << path;
		// TODO: include result once 25796509 is fixed
		return 0;
		@@ -121,7 +124,7 @@ int destroy_app_data(const char uuid, const char pkgname, userid_t userid, int
		}

		int move_complete_app(const char from_uuid, const char to_uuid, const char *package_name,
		const char data_app_name, appid_t appid, const char seinfo) {
		const char data_app_name, appid_t appid, const char seinfo, int target_sdk_version) {
		std::vector<userid_t> users = get_known_users(from_uuid);

		// Copy app
		@@ -176,7 +179,7 @@ int move_complete_app(const char from_uuid, const char to_uuid, const char *pa
		}

		if (create_app_data(to_uuid, package_name, user, FLAG_CE_STORAGE \| FLAG_DE_STORAGE,
		appid, seinfo) != 0) {
		appid, seinfo, target_sdk_version) != 0) {
		LOG(ERROR) << "Failed to create package target " << to;
		goto fail;
		}

cmds/installd/commands.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -29,14 +29,14 @@ namespace android {
		namespace installd {

		int create_app_data(const char uuid, const char pkgname, userid_t userid, int flags,
		appid_t appid, const char* seinfo);
		appid_t appid, const char* seinfo, int target_sdk_version);
		int restorecon_app_data(const char* uuid, const char* pkgName, userid_t userid, int flags,
		appid_t appid, const char* seinfo);
		int clear_app_data(const char uuid, const char pkgname, userid_t userid, int flags);
		int destroy_app_data(const char uuid, const char pkgname, userid_t userid, int flags);

		int move_complete_app(const char* from_uuid, const char to_uuid, const char package_name,
		const char data_app_name, appid_t appid, const char seinfo);
		const char data_app_name, appid_t appid, const char seinfo, int target_sdk_version);

		int get_app_size(const char uuid, const char pkgname, int userid, int flags,
		const char apkpath, const char libdirpath, const char *fwdlock_apkpath,

cmds/installd/installd.cpp

+9 −6

Original line number	Diff line number	Diff line
		@@ -190,8 +190,9 @@ static int do_ping(char **arg ATTRIBUTE_UNUSED, char reply[REPLY_MAX] ATTRIBUTE_

		static int do_create_app_data(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED) {
		/* const char uuid, const char pkgname, userid_t userid, int flags,
		appid_t appid, const char* seinfo */
		return create_app_data(parse_null(arg[0]), arg[1], atoi(arg[2]), atoi(arg[3]), atoi(arg[4]), arg[5]);
		appid_t appid, const char* seinfo, int target_sdk_version */
		return create_app_data(parse_null(arg[0]), arg[1], atoi(arg[2]), atoi(arg[3]),
		atoi(arg[4]), arg[5], atoi(arg[6]));
		}

		static int do_restorecon_app_data(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED) {
		@@ -256,8 +257,10 @@ static int do_get_app_size(char **arg, char reply[REPLY_MAX]) {

		static int do_move_complete_app(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED) {
		/* const char* from_uuid, const char to_uuid, const char package_name,
		const char data_app_name, appid_t appid, const char seinfo */
		return move_complete_app(parse_null(arg[0]), parse_null(arg[1]), arg[2], arg[3], atoi(arg[4]), arg[5]);
		const char data_app_name, appid_t appid, const char seinfo,
		int target_sdk_version */
		return move_complete_app(parse_null(arg[0]), parse_null(arg[1]), arg[2], arg[3],
		atoi(arg[4]), arg[5], atoi(arg[6]));
		}

		static int do_mk_user_config(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED)
		@@ -312,11 +315,11 @@ struct cmdinfo {
		struct cmdinfo cmds[] = {
		{ "ping", 0, do_ping },

		{ "create_app_data", 6, do_create_app_data },
		{ "create_app_data", 7, do_create_app_data },
		{ "restorecon_app_data", 6, do_restorecon_app_data },
		{ "clear_app_data", 4, do_clear_app_data },
		{ "destroy_app_data", 4, do_destroy_app_data },
		{ "move_complete_app", 6, do_move_complete_app },
		{ "move_complete_app", 7, do_move_complete_app },
		{ "get_app_size", 9, do_get_app_size },

		{ "dexopt", 7, do_dexopt },