Merge "Refuse to write optimized dex files to a non-private directory."

1 files changed, 16 insertions, 0 deletions

diff --git a/dalvik/src/main/java/dalvik/system/DexFile.java b/dalvik/src/main/java/dalvik/system/DexFile.java
index dc3e063..8db3985 100644
--- a/dalvik/src/main/java/dalvik/system/DexFile.java
+++ b/dalvik/src/main/java/dalvik/system/DexFile.java
@@ -20,6 +20,9 @@ import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.util.Enumeration;
+import libcore.io.ErrnoException;
+import libcore.io.Libcore;
+import libcore.io.StructStat;
 
 /**
  * Manipulates DEX files. The class is similar in principle to
@@ -90,6 +93,19 @@ public final class DexFile {
      *  Enable optional features.
      */
     private DexFile(String sourceName, String outputName, int flags) throws IOException {
+        if (outputName != null) {
+            try {
+                String parent = new File(outputName).getParent();
+                if (Libcore.os.getuid() != Libcore.os.stat(parent).st_uid) {
+                    throw new IllegalArgumentException("Optimized data directory " + parent
+                            + " is not owned by the current user. Shared storage cannot protect"
+                            + " your application from code injection attacks.");
+                }
+            } catch (ErrnoException ignored) {
+                // assume we'll fail with a more contextual error later
+            }
+        }
+
         mCookie = openDexFile(sourceName, outputName, flags);
         mFileName = sourceName;
         guard.open("close");