Change permissions of apps' home dir to 0700 for SDK > 23
This patchset changes the installd such that apps' home
directory has permissions set to 0700 if built for a
target SDK version of 24 (N) or higher. In consequence the commands
create_app_data and move_complete_app
get one more parameter, the target SDK version.
Apps built for a lower SDK version will still have
home directories with permissions set to 0751.
Bug: 7208882
Change-Id: I0213834dd946c72f5d7e31965a9dc517ced268db
diff --git a/cmds/installd/commands.cpp b/cmds/installd/commands.cpp
index 7799ab9..4397730 100644
--- a/cmds/installd/commands.cpp
+++ b/cmds/installd/commands.cpp
@@ -51,12 +51,15 @@
static const char* kCpPath = "/system/bin/cp";
+#define MIN_RESTRICTED_HOME_SDK_VERSION 24 // > M
+
int create_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags,
- appid_t appid, const char* seinfo) {
+ appid_t appid, const char* seinfo, int target_sdk_version) {
uid_t uid = multiuser_get_uid(userid, appid);
+ int target_mode = target_sdk_version >= MIN_RESTRICTED_HOME_SDK_VERSION ? 0700 : 0751;
if (flags & FLAG_CE_STORAGE) {
auto path = create_data_user_package_path(uuid, userid, pkgname);
- if (fs_prepare_dir_strict(path.c_str(), 0751, uid, uid) != 0) {
+ if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) != 0) {
PLOG(ERROR) << "Failed to prepare " << path;
return -1;
}
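Review bot: Line 23 chooses the mode from target_sdk_version, but line 27 (and the matching DE call in the next hunk) still hands it to fs_prepare_dir_strict, and if that helper keeps the libcutils "strict" semantics (not visible here) of refusing to fix up an existing directory whose mode differs, an already-installed app whose update crosses the SDK 24 line will land in the `Failed to prepare` error path with its directory left at 0751 — worth confirming, and if so chmod'ing the existing directory when target_mode changes. A second point: any target_sdk_version below 24, including the 0 that atoi yields for a missing or non-numeric argument in the dispatcher, silently selects the more permissive 0751, so a malformed request fails open; consider rejecting `target_sdk_version <= 0` with `LOG(ERROR)` and `return -1` before the mode is computed. The macro comment `// > M` would also read better as `// Apps targeting N (API 24) and above get an owner-only (0700) home directory`. create_app_data continues past the end of this hunk.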
@@ -67,7 +70,7 @@
}
if (flags & FLAG_DE_STORAGE) {
auto path = create_data_user_de_package_path(uuid, userid, pkgname);
- if (fs_prepare_dir_strict(path.c_str(), 0751, uid, uid) == -1) {
+ if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) == -1) {
PLOG(ERROR) << "Failed to prepare " << path;
// TODO: include result once 25796509 is fixed
return 0;
@@ -121,7 +124,7 @@
}
int move_complete_app(const char *from_uuid, const char *to_uuid, const char *package_name,
- const char *data_app_name, appid_t appid, const char* seinfo) {
+ const char *data_app_name, appid_t appid, const char* seinfo, int target_sdk_version) {
std::vector<userid_t> users = get_known_users(from_uuid);
// Copy app
@@ -176,7 +179,7 @@
}
if (create_app_data(to_uuid, package_name, user, FLAG_CE_STORAGE | FLAG_DE_STORAGE,
- appid, seinfo) != 0) {
+ appid, seinfo, target_sdk_version) != 0) {
LOG(ERROR) << "Failed to create package target " << to;
goto fail;
}
diff --git a/cmds/installd/commands.h b/cmds/installd/commands.h
index 5510e7b..b3ebc7d 100644
--- a/cmds/installd/commands.h
+++ b/cmds/installd/commands.h
@@ -29,14 +29,14 @@
namespace installd {
int create_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags,
- appid_t appid, const char* seinfo);
+ appid_t appid, const char* seinfo, int target_sdk_version);
int restorecon_app_data(const char* uuid, const char* pkgName, userid_t userid, int flags,
appid_t appid, const char* seinfo);
int clear_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags);
int destroy_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags);
int move_complete_app(const char* from_uuid, const char *to_uuid, const char *package_name,
- const char *data_app_name, appid_t appid, const char* seinfo);
+ const char *data_app_name, appid_t appid, const char* seinfo, int target_sdk_version);
int get_app_size(const char *uuid, const char *pkgname, int userid, int flags,
const char *apkpath, const char *libdirpath, const char *fwdlock_apkpath,
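Review bot: The new target_sdk_version parameter on create_app_data (line 63) and move_complete_app (line 70) is undocumented at the declaration, so the only place its meaning lives is the ternary in commands.cpp. I'd add above create_app_data: `// target_sdk_version: apps targeting SDK >= 24 get a 0700 data directory, older targets keep 0751.` and a matching one-liner on move_complete_app saying the value is forwarded to create_app_data for every user the package is copied for. The get_app_size declaration at the end of this hunk continues outside it.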
diff --git a/cmds/installd/installd.cpp b/cmds/installd/installd.cpp
index 31fd703..d90b211 100644
--- a/cmds/installd/installd.cpp
+++ b/cmds/installd/installd.cpp
@@ -190,8 +190,9 @@
static int do_create_app_data(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED) {
/* const char *uuid, const char *pkgname, userid_t userid, int flags,
- appid_t appid, const char* seinfo */
- return create_app_data(parse_null(arg[0]), arg[1], atoi(arg[2]), atoi(arg[3]), atoi(arg[4]), arg[5]);
+ appid_t appid, const char* seinfo, int target_sdk_version */
+ return create_app_data(parse_null(arg[0]), arg[1], atoi(arg[2]), atoi(arg[3]),
+ atoi(arg[4]), arg[5], atoi(arg[6]));
}
static int do_restorecon_app_data(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED) {
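Review bot: Line 84 parses the new target SDK argument with atoi, which returns 0 for an empty or non-numeric string, and 0 maps to the legacy 0751 mode in create_app_data, so a malformed seventh argument quietly produces the less restrictive directory instead of an error. The existing arguments are parsed the same way, so this follows file style, and the installd socket is presumably reachable only from system_server, but for a value that decides a permission bit I'd rather fail closed: `char *end; long sdk = strtol(arg[6], &end, 10); if (end == arg[6] || *end != '\0' || sdk < 0) return -1;` before the call, passing `(int)sdk` instead of `atoi(arg[6])`. do_restorecon_app_data at the end of this hunk continues outside it.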
@@ -256,8 +257,10 @@
static int do_move_complete_app(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED) {
/* const char* from_uuid, const char *to_uuid, const char *package_name,
- const char *data_app_name, appid_t appid, const char* seinfo */
- return move_complete_app(parse_null(arg[0]), parse_null(arg[1]), arg[2], arg[3], atoi(arg[4]), arg[5]);
+ const char *data_app_name, appid_t appid, const char* seinfo,
+ int target_sdk_version */
+ return move_complete_app(parse_null(arg[0]), parse_null(arg[1]), arg[2], arg[3],
+ atoi(arg[4]), arg[5], atoi(arg[6]));
}
static int do_mk_user_config(char **arg, char reply[REPLY_MAX] ATTRIBUTE_UNUSED)
@@ -312,11 +315,11 @@
struct cmdinfo cmds[] = {
{ "ping", 0, do_ping },
- { "create_app_data", 6, do_create_app_data },
+ { "create_app_data", 7, do_create_app_data },
{ "restorecon_app_data", 6, do_restorecon_app_data },
{ "clear_app_data", 4, do_clear_app_data },
{ "destroy_app_data", 4, do_destroy_app_data },
- { "move_complete_app", 6, do_move_complete_app },
+ { "move_complete_app", 7, do_move_complete_app },
{ "get_app_size", 9, do_get_app_size },
{ "dexopt", 7, do_dexopt },