author | Jesse Wilson <jessewilson@google.com> | 2012-01-06 17:01:37 -0500 |
committer | Jesse Wilson <jessewilson@google.com> | 2012-01-06 17:45:36 -0500 |
commit | 5c7fa7c36acddda7b7cc392ec360116b03e09880 (patch) | |
tree | ef0de8f03458170c38c5d4d3b9f826ad478d2c15 /dalvik/src | |
parent | 8530a5261f9b99632d1c6c41573020b6a18321ab (diff) | |
Refuse to write optimized dex files to a non-private directory.
It's infeasible to test if other applications can write to a
given directory, particularly since directories like /sdcard/
are accessible to named groups like sdcard_rw. Instead we take
a shortcut and just test that the optimized directory is owned
by the current process.
I tested this manually; the '/data/data/vogar.test.java.StatTest/'
app directory could be successfully used but other directories
('/data', '/sdcard', '/') throw exceptions as expected.
Bug: http://b/4609061
Change-Id: Ia72b50aa3c73051b0c03c06c0bc7c0470f76b212
Diffstat (limited to 'dalvik/src')
-rw-r--r-- | dalvik/src/main/java/dalvik/system/DexFile.java | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/dalvik/src/main/java/dalvik/system/DexFile.java b/dalvik/src/main/java/dalvik/system/DexFile.java
index dc3e063..8db3985 100644
--- a/dalvik/src/main/java/dalvik/system/DexFile.java
+++ b/dalvik/src/main/java/dalvik/system/DexFile.java
@@ -20,6 +20,9 @@ import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.util.Enumeration;
+import libcore.io.ErrnoException;
+import libcore.io.Libcore;
+import libcore.io.StructStat;
 
 /**
  * Manipulates DEX files. The class is similar in principle to
@@ -90,6 +93,19 @@ public final class DexFile {
      * Enable optional features.
      */
     private DexFile(String sourceName, String outputName, int flags) throws IOException {
+        if (outputName != null) {
+            try {
+                String parent = new File(outputName).getParent();
+                if (Libcore.os.getuid() != Libcore.os.stat(parent).st_uid) {
+                    throw new IllegalArgumentException("Optimized data directory " + parent
+                            + " is not owned by the current user. Shared storage cannot protect"
+                            + " your application from code injection attacks.");
+                }
+            } catch (ErrnoException ignored) {
+                // assume we'll fail with a more contextual error later
+            }
+        }
+
         mCookie = openDexFile(sourceName, outputName, flags);
         mFileName = sourceName;
         guard.open("close");
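Review bot: `import libcore.io.StructStat;` is added but never referenced on the new side — the second hunk reads `Libcore.os.stat(parent).st_uid` without naming the type, so the import should be dropped, or the stat result bound to a `StructStat` local so the import earns its place. An unused import is flagged by the usual linters and suggests a dependency the code does not actually have.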
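Review bot: `new File(outputName).getParent()` is null for a bare file name such as `classes.dex`, and that null is passed straight to `Libcore.os.stat(parent)`; the catch handles only ErrnoException, so a null-path failure (presumably a NullPointerException from the native binding) would escape the constructor instead of falling through to the "more contextual error later" the comment expects. Resolving the path first and guarding avoids that: `File parent = new File(outputName).getAbsoluteFile().getParentFile();` followed by `if (parent != null && Libcore.os.getuid() != Libcore.os.stat(parent.getPath()).st_uid) {`. The ownership test also accepts a directory the process owns but has left group- or world-writable, which gives the same code-injection exposure the message warns about; the same stat result carries `st_mode`, so checking its group/other write bits would close that gap at no extra cost. Note that the IllegalArgumentException is thrown from a constructor declared `throws IOException`, so callers that wrap DexFile construction in a catch of IOException will not see it — worth a Javadoc `@throws IllegalArgumentException` on the public entry points. The constructor body continues past the end of the hunk.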