commit d7e9b0fdc7e2c461973e34568fbca8f5bd0c0373
author Kevin Chyn <kchyn@google.com> Fri Apr 07 14:39:50 2017 -0700
committer Kevin Chyn <kchyn@google.com> Fri Apr 14 14:10:19 2017 -0700
tree 8ee12e0e4c00df2361e4e947471248ac529ddc67
parent 5ed473340c9f737df85eee367157dcdaf690d9b0

setActiveGroup null, 0 length, unwritable dir should fail

with this change, VTS test needs to run in /data/system/
due to SELinux policy + Linux directory permissions

Test: run VTS tests and make sure they all pass
Fixes 37153318

Change-Id: Ib1f19ce7fc0d08ae2941aec5c08c5857c7a9f2fd

biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp

diff --git a/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp b/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp
index 5b00675..83c7de8 100644
--- a/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp
+++ b/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp
@@ -25,6 +25,7 @@
 #include "BiometricsFingerprint.h"
 
 #include <inttypes.h>
+#include <unistd.h>
 
 namespace android {
 namespace hardware {
@@ -189,7 +190,12 @@
         const hidl_string& storePath) {
     if (storePath.size() >= PATH_MAX || storePath.size() <= 0) {
         ALOGE("Bad path length: %zd", storePath.size());
+        return RequestStatus::SYS_EINVAL;
     }
+    if (access(storePath.c_str(), W_OK)) {
+        return RequestStatus::SYS_EINVAL;
+    }
+
     return ErrorFilter(mDevice->set_active_group(mDevice, gid,
                                                     storePath.c_str()));
 }

biometrics/fingerprint/2.1/vts/functional/VtsHalBiometricsFingerprintV2_1TargetTest.cpp

diff --git a/biometrics/fingerprint/2.1/vts/functional/VtsHalBiometricsFingerprintV2_1TargetTest.cpp b/biometrics/fingerprint/2.1/vts/functional/VtsHalBiometricsFingerprintV2_1TargetTest.cpp
index d3f6612..29776b4 100644
--- a/biometrics/fingerprint/2.1/vts/functional/VtsHalBiometricsFingerprintV2_1TargetTest.cpp
+++ b/biometrics/fingerprint/2.1/vts/functional/VtsHalBiometricsFingerprintV2_1TargetTest.cpp
@@ -43,7 +43,7 @@
 static const uint32_t kTimeout = 3;
 static const std::chrono::seconds kTimeoutInSeconds = std::chrono::seconds(kTimeout);
 static const uint32_t kGroupId = 99;
-static const std::string kTmpDir = "/data/local/tmp/";
+static const std::string kTmpDir = "/data/system/";
 static const uint32_t kIterations = 1000;
 
 // Wait for a callback to occur (signaled by the given future) up to the
@@ -186,6 +186,8 @@
     ASSERT_FALSE(mService == nullptr);
 
     // Create an active group
+    // FP service can only write to /data/system due to
+    // SELinux Policy and Linux Dir Permissions
     Return<RequestStatus> res = mService->setActiveGroup(kGroupId, kTmpDir);
     ASSERT_EQ(RequestStatus::SYS_OK, static_cast<RequestStatus>(res));
   }