author | Nick Kralevich <nnk@google.com> | 2012-12-12 16:26:55 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2012-12-14 11:53:14 -0800 |
commit | 7f5c84a0b25706746a92ad1233cbbb8923eda54d (patch) | |
tree | 424ba30ba9c63230c903eab815374cfb9bcdbeb3 /cmds | |
parent | 1aa652807b5135d7cf9c5f6eed2268c9aa4984e0 (diff) | |
App home directories are now 0700 for targetSdkVersion > 17
Have installd set an app's home directory permissions to
0700 if the app has targetSdkVersion > 17.
Bug: 7208882
Change-Id: Iaa4fc42fec69bc1abdfae53704d6264dd6fa965f
Diffstat (limited to 'cmds')
-rw-r--r-- | cmds/installd/Android.mk | 5 | ||||
-rw-r--r-- | cmds/installd/commands.c | 16 | ||||
-rw-r--r-- | cmds/installd/installd.c | 16 | ||||
-rw-r--r-- | cmds/installd/installd.h | 7 |
4 files changed, 29 insertions, 15 deletions
diff --git a/cmds/installd/Android.mk b/cmds/installd/Android.mk index 1dd4ee5..6eecb20 100644 --- a/cmds/installd/Android.mk +++ b/cmds/installd/Android.mk @@ -11,9 +11,8 @@ include $(CLEAR_VARS) LOCAL_SRC_FILES := \ $(common_src_files) - +LOCAL_CFLAGS := -std=gnu99 LOCAL_MODULE := libinstalld - LOCAL_MODULE_TAGS := eng tests include $(BUILD_STATIC_LIBRARY) @@ -36,7 +35,7 @@ LOCAL_STATIC_LIBRARIES := \ libdiskusage LOCAL_MODULE := installd - +LOCAL_CFLAGS := -std=gnu99 LOCAL_MODULE_TAGS := optional include $(BUILD_EXECUTABLE) diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c index c272e47..e22fa6a 100644 --- a/cmds/installd/commands.c +++ b/cmds/installd/commands.c @@ -28,13 +28,15 @@ dir_rec_t android_app_lib_dir; dir_rec_t android_media_dir; dir_rec_array_t android_system_dirs; -int install(const char *pkgname, uid_t uid, gid_t gid) +int install(const char *pkgname, uid_t uid, gid_t gid, bool restrictHomeDir) { char pkgdir[PKG_PATH_MAX]; char libsymlink[PKG_PATH_MAX]; char applibdir[PKG_PATH_MAX]; struct stat libStat; + mode_t defaultMode = restrictHomeDir ? 0700 : 0751; + if ((uid < AID_SYSTEM) || (gid < AID_SYSTEM)) { ALOGE("invalid uid/gid: %d %d\n", uid, gid); return -1; @@ -55,11 +57,11 @@ int install(const char *pkgname, uid_t uid, gid_t gid) return -1; } - if (mkdir(pkgdir, 0751) < 0) { + if (mkdir(pkgdir, defaultMode) < 0) { ALOGE("cannot create dir '%s': %s\n", pkgdir, strerror(errno)); return -1; } - if (chmod(pkgdir, 0751) < 0) { + if (chmod(pkgdir, defaultMode) < 0) { ALOGE("cannot chmod dir '%s': %s\n", pkgdir, strerror(errno)); unlink(pkgdir); return -1; 
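Review bot: In `install()` the chmod failure path still cleans up with `unlink(pkgdir)`, which cannot remove a directory on Linux, so a failed chmod leaves the freshly created package directory behind with whatever mode mkdir() produced under the process umask. `rmdir(pkgdir);` is the call that undoes the mkdir. The second commands.c hunk (`make_user_data()`) has the same cleanup and also returns `-errno` after `ALOGE` and `unlink` have run, either of which may have overwritten errno; saving it first with `int err = errno;` keeps the reported code accurate. Both function bodies continue outside their hunks.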
@@ -184,13 +186,15 @@ int delete_user_data(const char *pkgname, uid_t persona) return delete_dir_contents(pkgdir, 0, "lib"); } -int make_user_data(const char *pkgname, uid_t uid, uid_t persona) +int make_user_data(const char *pkgname, uid_t uid, uid_t persona, bool restrictHomeDir) { char pkgdir[PKG_PATH_MAX]; char applibdir[PKG_PATH_MAX]; char libsymlink[PKG_PATH_MAX]; struct stat libStat; + mode_t defaultMode = restrictHomeDir ? 0700 : 0751; + // Create the data dir for the package if (create_pkg_path(pkgdir, pkgname, PKG_DIR_POSTFIX, persona)) { return -1; @@ -204,11 +208,11 @@ int make_user_data(const char *pkgname, uid_t uid, uid_t persona) return -1; } - if (mkdir(pkgdir, 0751) < 0) { + if (mkdir(pkgdir, defaultMode) < 0) { ALOGE("cannot create dir '%s': %s\n", pkgdir, strerror(errno)); return -errno; } - if (chmod(pkgdir, 0751) < 0) { + if (chmod(pkgdir, defaultMode) < 0) { ALOGE("cannot chmod dir '%s': %s\n", pkgdir, strerror(errno)); unlink(pkgdir); return -errno; diff --git a/cmds/installd/installd.c b/cmds/installd/installd.c index 2285e79..bf21102 100644 --- a/cmds/installd/installd.c +++ b/cmds/installd/installd.c @@ -31,7 +31,11 @@ static int do_ping(char **arg, char reply[REPLY_MAX]) static int do_install(char **arg, char reply[REPLY_MAX]) { - return install(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, gid */ + bool restrictHomeDir = (strncmp(arg[3], "false", 6) != 0); + return install(arg[0], /* pkgname */ + atoi(arg[1]), /* uid */ + atoi(arg[2]), /* gid */ + restrictHomeDir); /* restrictHomeDir */ } static int do_dexopt(char **arg, char reply[REPLY_MAX]) 
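Review bot: The flag parse in `do_install` treats every value other than the exact string "false" as a request to restrict, and that fail-closed choice is not stated anywhere in the code. With a count of 6 against the five-character literal, `strncmp(arg[3], "false", 6)` compares the terminator too, so it behaves like `strcmp`, and "False" or "0" would both yield 0700. A comment such as `/* any value other than "false" restricts the home dir (fail closed) */` would keep a later edit from inverting the default. `do_mk_user_data` in the next installd.c hunk repeats the same expression; a small shared static helper would keep the two in step.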
@@ -103,7 +107,11 @@ static int do_rm_user_data(char **arg, char reply[REPLY_MAX]) static int do_mk_user_data(char **arg, char reply[REPLY_MAX]) { - return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, userid */ + bool restrictHomeDir = (strncmp(arg[3], "false", 6) != 0); + return make_user_data(arg[0], /* pkgname */ + atoi(arg[1]), /* uid */ + atoi(arg[2]), /* userid */ + restrictHomeDir); /* restrictHomeDir */ } static int do_rm_user(char **arg, char reply[REPLY_MAX]) @@ -129,7 +137,7 @@ struct cmdinfo { struct cmdinfo cmds[] = { { "ping", 0, do_ping }, - { "install", 3, do_install }, + { "install", 4, do_install }, { "dexopt", 3, do_dexopt }, { "movedex", 2, do_move_dex }, { "rmdex", 1, do_rm_dex }, @@ -142,7 +150,7 @@ struct cmdinfo cmds[] = { { "rmuserdata", 2, do_rm_user_data }, { "movefiles", 0, do_movefiles }, { "linklib", 3, do_linklib }, - { "mkuserdata", 3, do_mk_user_data }, + { "mkuserdata", 4, do_mk_user_data }, { "rmuser", 1, do_rm_user }, }; diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h index efd3aa7..cf2bed6 100644 --- a/cmds/installd/installd.h +++ b/cmds/installd/installd.h @@ -20,6 +20,7 @@ #include <stdio.h> #include <stdlib.h> #include <stdint.h> +#include <stdbool.h> #include <inttypes.h> #include <sys/stat.h> #include <dirent.h> 
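Review bot: The `install` and `mkuserdata` entries in `cmds[]` now declare four arguments, and the handlers' read of `arg[3]` is only safe if the dispatcher enforces that count before calling them; that check is outside the hunks shown. Raising the count also changes the socket protocol, so a caller still sending three arguments would presumably be rejected rather than given a default. A comment on the two entries, e.g. `/* pkgname uid gid restrictHomeDir */`, would document the argument order next to the count.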
@@ -192,12 +193,14 @@ int ensure_media_user_dirs(userid_t userid); /* commands.c */ -int install(const char *pkgname, uid_t uid, gid_t gid); +int install(const char *pkgname, uid_t uid, gid_t gid, + bool restrictHomeDirectory); int uninstall(const char *pkgname, uid_t persona); int renamepkg(const char *oldpkgname, const char *newpkgname); int fix_uid(const char *pkgname, uid_t uid, gid_t gid); int delete_user_data(const char *pkgname, uid_t persona); -int make_user_data(const char *pkgname, uid_t uid, uid_t persona); +int make_user_data(const char *pkgname, uid_t uid, uid_t persona, + bool restrictHomeDirectory); int delete_persona(uid_t persona); int delete_cache(const char *pkgname, uid_t persona); int move_dex(const char *src, const char *dst); |
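Review bot: The prototypes name the new parameter `restrictHomeDirectory` while the definitions in commands.c use `restrictHomeDir`; one spelling in both places makes the flag easier to search for. The header also gives no hint of what the flag does. A one-line comment above the two prototypes, such as `/* restrictHomeDirectory: create the app data dir 0700 instead of 0751 */`, would document it.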