path: root/cmds/idmap2/idmap2d/Idmap2Service.cpp
authorMÃ¥rten Kongstad <marten.kongstad@sony.com>2019-01-14 10:03:53 +0100
committerTodd Kennedy <toddke@google.com>2019-01-18 10:05:48 -0800
commit1da49dc9b4f5605990f600e15f6f3c584fe2c0dc (patch)
tree4b2257c309d93e4aafbf07a4a13a0b9347b7d760 /cmds/idmap2/idmap2d/Idmap2Service.cpp
parent793f1a793c2b9cd8f7356b83b8a2e5fd8d444e9b (diff)
idmap2: lock down write access to /data/resource-cache
Deny write access to /data/resource-cache for UIDs other than root and system. While this is already handled by SELinux rules, add an additional layer of security to explicitly prevent malicious apps from messing with the system's idmap files.

Test: make idmap2_tests
Change-Id: Id986633558d5d02452276f05f64337a8700f148a
Diffstat (limited to 'cmds/idmap2/idmap2d/Idmap2Service.cpp')
-rw-r--r--cmds/idmap2/idmap2d/Idmap2Service.cpp20
1 files changed, 17 insertions, 3 deletions
diff --git a/cmds/idmap2/idmap2d/Idmap2Service.cpp b/cmds/idmap2/idmap2d/Idmap2Service.cpp
index a3c752718ee2..f30ce9b08d6e 100644
--- a/cmds/idmap2/idmap2d/Idmap2Service.cpp
+++ b/cmds/idmap2/idmap2d/Idmap2Service.cpp
@@ -27,6 +27,7 @@
#include "android-base/macros.h"
#include "android-base/stringprintf.h"
+#include "binder/IPCThreadState.h"
#include "utils/String8.h"
#include "utils/Trace.h"
@@ -38,18 +39,19 @@
#include "idmap2d/Idmap2Service.h"
+using android::IPCThreadState;
using android::binder::Status;
using android::idmap2::BinaryStreamVisitor;
using android::idmap2::Idmap;
using android::idmap2::IdmapHeader;
using android::idmap2::PolicyBitmask;
using android::idmap2::Result;
+using android::idmap2::utils::kIdmapCacheDir;
using android::idmap2::utils::kIdmapFilePermissionMask;
+using android::idmap2::utils::UidHasWriteAccessToPath;
namespace {
-constexpr const char* kIdmapCacheDir = "/data/resource-cache";
-
Status ok() {
return Status::ok();
}
@@ -77,7 +79,13 @@ Status Idmap2Service::getIdmapPath(const std::string& overlay_apk_path,
Status Idmap2Service::removeIdmap(const std::string& overlay_apk_path,
int32_t user_id ATTRIBUTE_UNUSED, bool* _aidl_return) {
assert(_aidl_return);
+ const uid_t uid = IPCThreadState::self()->getCallingUid();
const std::string idmap_path = Idmap::CanonicalIdmapPathFor(kIdmapCacheDir, overlay_apk_path);
+ if (!UidHasWriteAccessToPath(uid, idmap_path)) {
+ *_aidl_return = false;
+ return error(base::StringPrintf("failed to unlink %s: calling uid %d lacks write access",
+ idmap_path.c_str(), uid));
+ }
if (unlink(idmap_path.c_str()) != 0) {
*_aidl_return = false;
return error("failed to unlink " + idmap_path + ": " + strerror(errno));
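Review bot: The added error line passes `uid` (a `uid_t`, which is unsigned) to a `%d` conversion, so the format does not match the argument type and a printf-format-checked `StringPrintf` will warn; use `%u`: `return error(base::StringPrintf("failed to unlink %s: calling uid %u lacks write access",`. The same `%d` appears in the createIdmap hunk below. Running the check before `unlink()` is the right order, since a denied caller never touches the filesystem. Note that `unlink()` itself is governed by permissions on the containing directory rather than on the file, so if `UidHasWriteAccessToPath` is a uid/path-prefix policy check rather than a filesystem permission probe (its definition is not in this diff), a one-line comment saying so would stop a reader from expecting `access(2)`-style semantics. removeIdmap's body continues past the hunk.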
@@ -118,6 +126,13 @@ Status Idmap2Service::createIdmap(const std::string& target_apk_path,
const PolicyBitmask policy_bitmask = ConvertAidlArgToPolicyBitmask(fulfilled_policies);
+ const std::string idmap_path = Idmap::CanonicalIdmapPathFor(kIdmapCacheDir, overlay_apk_path);
+ const uid_t uid = IPCThreadState::self()->getCallingUid();
+ if (!UidHasWriteAccessToPath(uid, idmap_path)) {
+ return error(base::StringPrintf("will not write to %s: calling uid %d lacks write accesss",
+ idmap_path.c_str(), uid));
+ }
+
const std::unique_ptr<const ApkAssets> target_apk = ApkAssets::Load(target_apk_path);
if (!target_apk) {
return error("failed to load apk " + target_apk_path);
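Review bot: The error string on the added `return error(...)` line has a typo, "write accesss", which will surface in logcat and in the Status message returned to the caller; change it to `"will not write to %s: calling uid %u lacks write access"` (the `%u` also resolves the `uid_t`-vs-`%d` mismatch raised on the removeIdmap hunk). Placing the check ahead of `ApkAssets::Load` means an unprivileged caller is rejected before any APK parsing happens, which is the cheaper and safer order. createIdmap's body continues past the hunk.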
@@ -137,7 +152,6 @@ Status Idmap2Service::createIdmap(const std::string& target_apk_path,
}
umask(kIdmapFilePermissionMask);
- const std::string idmap_path = Idmap::CanonicalIdmapPathFor(kIdmapCacheDir, overlay_apk_path);
std::ofstream fout(idmap_path);
if (fout.fail()) {
return error("failed to open idmap path " + idmap_path);