859db930c17d70f68a776724366cb6e91b0f974c - platform_device_qcom_sepolicy

commit	859db930c17d70f68a776724366cb6e91b0f974c	[log] [tgz]
author	Zim <zezeozue@google.com>	Fri Dec 13 00:09:17 2019 +0000
committer	Zim <zezeozue@google.com>	Fri Dec 13 10:46:56 2019 +0000
tree	32bd29dadb898945045e1adb2bb933b5021f77a4
parent	806b9206aa335407e45ebd07aeafe5e7793f88bd [diff]

Protect FUSE lookup requests

Previously, lookup requests would always succeed if the path exists
on disk.

Now, we fail lookups early if either the user in the path requested
doesn't match the calling uid or the FuseDaemon UID.

Test:  atest -c android.appsecurity.cts.ExternalStorageHostTest#testSecondaryUsersInaccessible
Bug: 135341433
Change-Id: I55f06f2cad3462c258fcb4024d84a8fa9e63c856

jni/FuseDaemon.cpp[diff]

1 file changed

tree: 32bd29dadb898945045e1adb2bb933b5021f77a4

apex/
jni/
res/
src/
tests/
tools/
.clang-format
Android.bp
AndroidManifest.xml
AndroidManifest_Legacy.xml
CleanSpec.mk
deploy.sh
logging.sh
MODULE_LICENSE_APACHE2
NOTICE
OWNERS
PREUPLOAD.cfg
proguard.flags
TEST_MAPPING