From: Janis Danisevskis
Date: Tue, 12 Jan 2016 14:45:55 +0000 (+0000)
Subject: Change permissions of apps' home dir to 0700 for SDK > 23
X-Git-Tag: android-x86-7.1-r1~612
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=eecb2d205366351af42fd0cd9e1a95de3980764e;p=android-x86%2Fframeworks-native.git

Change permissions of apps' home dir to 0700 for SDK > 23

This patchset changes the installd such that apps' home directory has permissions set to 0700 if build for a target SDK version. In consequence the commands create_app_data and move_complete_app get one more parameter, the target SDK version. Apps built for a lower SDK version will still have home directories with permissions set to 0751.

Bug: 7208882
Change-Id: I0213834dd946c72f5d7e31965a9dc517ced268db
---
diff --git a/cmds/installd/commands.cpp b/cmds/installd/commands.cpp
index 7799ab9124..4397730d33 100644
--- a/cmds/installd/commands.cpp
+++ b/cmds/installd/commands.cpp
@@ -51,12 +51,15 @@ namespace installd {
 static const char* kCpPath = "/system/bin/cp";
+#define MIN_RESTRICTED_HOME_SDK_VERSION 24 // > M
+
 int create_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags,
- appid_t appid, const char* seinfo) {
+ appid_t appid, const char* seinfo, int target_sdk_version) {
 uid_t uid = multiuser_get_uid(userid, appid);
+ int target_mode = target_sdk_version >= MIN_RESTRICTED_HOME_SDK_VERSION ? 0700 : 0751;
 if (flags & FLAG_CE_STORAGE) {
 auto path = create_data_user_package_path(uuid, userid, pkgname);
- if (fs_prepare_dir_strict(path.c_str(), 0751, uid, uid) != 0) {
+ if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) != 0) {
 PLOG(ERROR) << "Failed to prepare " << path;
 return -1;
 }
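Review bot: `target_mode` only takes effect through `fs_prepare_dir_strict`, and nothing in this hunk shows what that helper does when the directory already exists with a different mode. If it rejects or ignores a mismatch instead of fixing it up (the `_strict` name hints at that, but this is an inference), an app whose home directory was created at 0751 and is later updated to target SDK 24 or higher would either fail `create_app_data` or keep a world-traversable home directory; the DE branch in the next hunk passes the same value. It is worth pinning the intended behaviour next to the computation, e.g. `// TODO(review): confirm how fs_prepare_dir_strict treats an existing 0751 dir when target_mode is 0700`, or tightening an existing directory explicitly. The threshold would also read better as a typed constant beside `kCpPath`, e.g. `static constexpr int kMinRestrictedHomeSdkVersion = 24; // first SDK after M`, since a `#define` is not scoped by the `installd` namespace. The body of `create_app_data` continues past the end of this hunk.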
@@ -67,7 +70,7 @@ int create_app_data(const char *uuid, const char *pkgname, userid_t userid, int
 }
 if (flags & FLAG_DE_STORAGE) {
 auto path = create_data_user_de_package_path(uuid, userid, pkgname);
- if (fs_prepare_dir_strict(path.c_str(), 0751, uid, uid) == -1) {
+ if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) == -1) {
 PLOG(ERROR) << "Failed to prepare " << path;
 // TODO: include result once 25796509 is fixed
 return 0;
@@ -121,7 +124,7 @@ int destroy_app_data(const char *uuid, const char *pkgname, userid_t userid, int
 }
 int move_complete_app(const char *from_uuid, const char *to_uuid, const char *package_name,
- const char *data_app_name, appid_t appid, const char* seinfo) {
+ const char *data_app_name, appid_t appid, const char* seinfo, int target_sdk_version) {
 std::vector users = get_known_users(from_uuid);
 // Copy app
@@ -176,7 +179,7 @@ int move_complete_app(const char *from_uuid, const char *to_uuid, const char *pa
 }
 if (create_app_data(to_uuid, package_name, user, FLAG_CE_STORAGE | FLAG_DE_STORAGE,
- appid, seinfo) != 0) {
+ appid, seinfo, target_sdk_version) != 0) {
 LOG(ERROR) << "Failed to create package target " << to;
 goto fail;
 }
diff --git a/cmds/installd/commands.h b/cmds/installd/commands.h
index 5510e7be67..b3ebc7d0f5 100644
--- a/cmds/installd/commands.h
+++ b/cmds/installd/commands.h
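Review bot: A failure to prepare the DE directory with `target_mode` is logged and then reported as success by the `return 0;` under the existing TODO, whereas the CE branch returns -1 for the same failure. Now that the mode depends on the target SDK, the caller cannot tell that the device-encrypted directory did not end up with the requested 0700. Until the TODO is resolved, record that at the call, e.g. `// NOTE: failure is swallowed here, so the DE dir may not have target_mode`, and include the requested mode in the log line. The two branches also test the result differently (`!= 0` against `== -1`); using `!= 0` in both would be consistent. The enclosing function starts before this hunk.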
@@ -29,14 +29,14 @@ namespace android {
 namespace installd {
 int create_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags,
- appid_t appid, const char* seinfo);
+ appid_t appid, const char* seinfo, int target_sdk_version);
 int restorecon_app_data(const char* uuid, const char* pkgName, userid_t userid, int flags,
 appid_t appid, const char* seinfo);
 int clear_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags);
 int destroy_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags);
 int move_complete_app(const char* from_uuid, const char *to_uuid, const char *package_name,
- const char *data_app_name, appid_t appid, const char* seinfo);
+ const char *data_app_name, appid_t appid, const char* seinfo, int target_sdk_version);
 int get_app_size(const char *uuid, const char *pkgname, int userid, int flags,
 const char *apkpath, const char *libdirpath, const char *fwdlock_apkpath,
diff --git a/cmds/installd/installd.cpp b/cmds/installd/installd.cpp
index 31fd7038ad..d90b211583 100644
--- a/cmds/installd/installd.cpp
+++ b/cmds/installd/installd.cpp
@@ -190,8 +190,9 @@ static int do_ping(char **arg ATTRIBUTE_UNUSED, char reply[REPLY_MAX] ATTRIBUTE_
 static int do_create_app_data(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED) {
 /* const char *uuid, const char *pkgname, userid_t userid, int flags,
- appid_t appid, const char* seinfo */
- return create_app_data(parse_null(arg[0]), arg[1], atoi(arg[2]), atoi(arg[3]), atoi(arg[4]), arg[5]);
+ appid_t appid, const char* seinfo, int target_sdk_version */
+ return create_app_data(parse_null(arg[0]), arg[1], atoi(arg[2]), atoi(arg[3]),
+ atoi(arg[4]), arg[5], atoi(arg[6]));
 }
 static int do_restorecon_app_data(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED) {
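Review bot: The new `target_sdk_version` parameter on `create_app_data` and `move_complete_app` is undocumented in this header, so a caller has to read commands.cpp to learn that it selects the home directory mode. A one-line comment above each declaration would cover it, e.g. `// target_sdk_version >= 24 creates the app's home dir with mode 0700; lower values keep 0751.` Any caller that passes a value below 24 gets the looser mode without any diagnostic, so the contract should be visible where the function is declared.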
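Review bot: `atoi(arg[6])` cannot report a parse failure: a non-numeric target SDK string yields 0, which `create_app_data` treats as a pre-24 app and answers with the looser 0751 mode. The same applies to `do_move_complete_app` in the next hunk. Because this value now decides a permission, it should be parsed with `strtol`, and the command rejected when the string has no digits, trailing characters or an out-of-range value, rather than silently falling back to the legacy mode. The presence of `arg[6]` itself appears to be covered by the argument count of 7 in the `cmds` table further down.

```cpp
// Parses a decimal SDK level; returns false when arg is not a whole non-negative number.
static bool parse_sdk_version(const char* arg, int* out) {
    char* end = nullptr;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0' || v < 0 || v > INT_MAX) return false;
    *out = static_cast<int>(v);
    return true;
}

static int do_create_app_data(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED) {
    // … unchanged: parameter list comment …
    int target_sdk_version;
    if (!parse_sdk_version(arg[6], &target_sdk_version)) return -1;
    return create_app_data(parse_null(arg[0]), arg[1], atoi(arg[2]), atoi(arg[3]),
            atoi(arg[4]), arg[5], target_sdk_version);
}
```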
@@ -256,8 +257,10 @@ static int do_get_app_size(char **arg, char reply[REPLY_MAX]) {
 static int do_move_complete_app(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED) {
 /* const char* from_uuid, const char *to_uuid, const char *package_name,
- const char *data_app_name, appid_t appid, const char* seinfo */
- return move_complete_app(parse_null(arg[0]), parse_null(arg[1]), arg[2], arg[3], atoi(arg[4]), arg[5]);
+ const char *data_app_name, appid_t appid, const char* seinfo,
+ int target_sdk_version */
+ return move_complete_app(parse_null(arg[0]), parse_null(arg[1]), arg[2], arg[3],
+ atoi(arg[4]), arg[5], atoi(arg[6]));
 }
 static int do_mk_user_config(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED)
@@ -312,11 +315,11 @@ struct cmdinfo {
 struct cmdinfo cmds[] = {
 { "ping", 0, do_ping },
- { "create_app_data", 6, do_create_app_data },
+ { "create_app_data", 7, do_create_app_data },
 { "restorecon_app_data", 6, do_restorecon_app_data },
 { "clear_app_data", 4, do_clear_app_data },
 { "destroy_app_data", 4, do_destroy_app_data },
- { "move_complete_app", 6, do_move_complete_app },
+ { "move_complete_app", 7, do_move_complete_app },
 { "get_app_size", 9, do_get_app_size },
 { "dexopt", 7, do_dexopt },