App home directories are now 0700 for targetSdkVersion > 17

Have installd set an app's home directory permissions to
0700 if the app has targetSdkVersion > 17.

Bug: 7208882
Change-Id: Iaa4fc42fec69bc1abdfae53704d6264dd6fa965f
diff --git a/cmds/installd/Android.mk b/cmds/installd/Android.mk
index 1dd4ee5..6eecb20 100644
--- a/cmds/installd/Android.mk
+++ b/cmds/installd/Android.mk
@@ -11,9 +11,8 @@
 
 LOCAL_SRC_FILES := \
     $(common_src_files)
-
+LOCAL_CFLAGS := -std=gnu99
 LOCAL_MODULE := libinstalld
-
 LOCAL_MODULE_TAGS := eng tests
 
 include $(BUILD_STATIC_LIBRARY)
@@ -36,7 +35,7 @@
     libdiskusage
 
 LOCAL_MODULE := installd
-
+LOCAL_CFLAGS := -std=gnu99
 LOCAL_MODULE_TAGS := optional
 
 include $(BUILD_EXECUTABLE)
diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c
index c272e47..e22fa6a 100644
--- a/cmds/installd/commands.c
+++ b/cmds/installd/commands.c
@@ -28,13 +28,15 @@
 dir_rec_t android_media_dir;
 dir_rec_array_t android_system_dirs;
 
-int install(const char *pkgname, uid_t uid, gid_t gid)
+int install(const char *pkgname, uid_t uid, gid_t gid, bool restrictHomeDir)
 {
     char pkgdir[PKG_PATH_MAX];
     char libsymlink[PKG_PATH_MAX];
     char applibdir[PKG_PATH_MAX];
     struct stat libStat;
 
+    mode_t defaultMode = restrictHomeDir ? 0700 : 0751;
+
     if ((uid < AID_SYSTEM) || (gid < AID_SYSTEM)) {
         ALOGE("invalid uid/gid: %d %d\n", uid, gid);
         return -1;
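Review bot: The mode selection `mode_t defaultMode = restrictHomeDir ? 0700 : 0751;` is repeated verbatim in make_user_data (the @@ -184 hunk), so the two directory-creation paths can drift apart if one is later tightened; a single file-scope helper such as `static mode_t pkg_dir_mode(bool restrictHomeDir) { return restrictHomeDir ? 0700 : 0751; }` would keep them in step. The new parameter also carries no documentation of what it selects; a comment like `/* restrictHomeDir: create the package dir 0700 (owner only) instead of the legacy 0751 */` next to defaultMode would record the intent the commit message describes. install's body continues past the end of the hunk.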
@@ -55,11 +57,11 @@
         return -1;
     }
 
-    if (mkdir(pkgdir, 0751) < 0) {
+    if (mkdir(pkgdir, defaultMode) < 0) {
         ALOGE("cannot create dir '%s': %s\n", pkgdir, strerror(errno));
         return -1;
     }
-    if (chmod(pkgdir, 0751) < 0) {
+    if (chmod(pkgdir, defaultMode) < 0) {
         ALOGE("cannot chmod dir '%s': %s\n", pkgdir, strerror(errno));
         unlink(pkgdir);
         return -1;
@@ -184,13 +186,15 @@
     return delete_dir_contents(pkgdir, 0, "lib");
 }
 
-int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
+int make_user_data(const char *pkgname, uid_t uid, uid_t persona, bool restrictHomeDir)
 {
     char pkgdir[PKG_PATH_MAX];
     char applibdir[PKG_PATH_MAX];
     char libsymlink[PKG_PATH_MAX];
     struct stat libStat;
 
+    mode_t defaultMode = restrictHomeDir ? 0700 : 0751;
+
     // Create the data dir for the package
     if (create_pkg_path(pkgdir, pkgname, PKG_DIR_POSTFIX, persona)) {
         return -1;
@@ -204,11 +208,11 @@
         return -1;
     }
 
-    if (mkdir(pkgdir, 0751) < 0) {
+    if (mkdir(pkgdir, defaultMode) < 0) {
         ALOGE("cannot create dir '%s': %s\n", pkgdir, strerror(errno));
         return -errno;
     }
-    if (chmod(pkgdir, 0751) < 0) {
+    if (chmod(pkgdir, defaultMode) < 0) {
         ALOGE("cannot chmod dir '%s': %s\n", pkgdir, strerror(errno));
         unlink(pkgdir);
         return -errno;
diff --git a/cmds/installd/installd.c b/cmds/installd/installd.c
index 2285e79..bf21102 100644
--- a/cmds/installd/installd.c
+++ b/cmds/installd/installd.c
@@ -31,7 +31,11 @@
 
 static int do_install(char **arg, char reply[REPLY_MAX])
 {
-    return install(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, gid */
+    bool restrictHomeDir = (strncmp(arg[3], "false", 6) != 0);
+    return install(arg[0],           /* pkgname */
+                   atoi(arg[1]),     /* uid */
+                   atoi(arg[2]),     /* gid */
+                   restrictHomeDir); /* restrictHomeDir */
 }
 
 static int do_dexopt(char **arg, char reply[REPLY_MAX])
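Review bot: `strncmp(arg[3], "false", 6) != 0` in do_install treats every token other than the exact string "false" as a request to restrict, so a malformed value from the caller is silently mapped to 0700 rather than reported; the same pattern appears in do_mk_user_data (the @@ -103 hunk). Failing closed is the right default, but an unrecognised value most likely indicates a protocol mismatch and is worth logging, e.g. `if (strcmp(arg[3], "true") != 0 && strcmp(arg[3], "false") != 0) ALOGE("install: unexpected restrictHomeDir value '%s'\n", arg[3]);` before the comparison. Comparing 6 bytes covers the terminator, so `strncmp(..., 6)` is just `strcmp(arg[3], "false")` written obliquely. Whether arg[3] is guaranteed to be present depends on the dispatcher honouring the argument count raised to 4 in the cmds table, which is outside this hunk.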
@@ -103,7 +107,11 @@
 
 static int do_mk_user_data(char **arg, char reply[REPLY_MAX])
 {
-    return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, userid */
+    bool restrictHomeDir = (strncmp(arg[3], "false", 6) != 0);
+    return make_user_data(arg[0],           /* pkgname */
+                          atoi(arg[1]),     /* uid */
+                          atoi(arg[2]),     /* userid */
+                          restrictHomeDir); /* restrictHomeDir */
 }
 
 static int do_rm_user(char **arg, char reply[REPLY_MAX])
@@ -129,7 +137,7 @@
 
 struct cmdinfo cmds[] = {
     { "ping",                 0, do_ping },
-    { "install",              3, do_install },
+    { "install",              4, do_install },
     { "dexopt",               3, do_dexopt },
     { "movedex",              2, do_move_dex },
     { "rmdex",                1, do_rm_dex },
@@ -142,7 +150,7 @@
     { "rmuserdata",           2, do_rm_user_data },
     { "movefiles",            0, do_movefiles },
     { "linklib",              3, do_linklib },
-    { "mkuserdata",           3, do_mk_user_data },
+    { "mkuserdata",           4, do_mk_user_data },
     { "rmuser",               1, do_rm_user },
 };
 
diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h
index efd3aa7..cf2bed6 100644
--- a/cmds/installd/installd.h
+++ b/cmds/installd/installd.h
@@ -20,6 +20,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdint.h>
+#include <stdbool.h>
 #include <inttypes.h>
 #include <sys/stat.h>
 #include <dirent.h>
@@ -192,12 +193,14 @@
 
 /* commands.c */
 
-int install(const char *pkgname, uid_t uid, gid_t gid);
+int install(const char *pkgname, uid_t uid, gid_t gid,
+            bool restrictHomeDirectory);
 int uninstall(const char *pkgname, uid_t persona);
 int renamepkg(const char *oldpkgname, const char *newpkgname);
 int fix_uid(const char *pkgname, uid_t uid, gid_t gid);
 int delete_user_data(const char *pkgname, uid_t persona);
-int make_user_data(const char *pkgname, uid_t uid, uid_t persona);
+int make_user_data(const char *pkgname, uid_t uid, uid_t persona,
+                   bool restrictHomeDirectory);
 int delete_persona(uid_t persona);
 int delete_cache(const char *pkgname, uid_t persona);
 int move_dex(const char *src, const char *dst);
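Review bot: The prototypes name the new parameter `restrictHomeDirectory` while the definitions in commands.c name it `restrictHomeDir`; the compiler accepts the mismatch, but the header is the documented interface, so one spelling should be used in both places. Since this is the public declaration, a short comment on the semantics would help callers, e.g. `/* restrictHomeDirectory: create the package dir 0700 rather than 0751 */` above install, and the same above make_user_data.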