diff options
| author | Martijn Coenen <maco@google.com> | 2020-03-05 10:09:44 +0100 |
|---|---|---|
| committer | Martijn Coenen <maco@google.com> | 2020-03-05 10:25:43 +0100 |
| commit | 8e110ace65a3bde12f8803a1d0466b89049ef46e (patch) | |
| tree | e0ded9b240b3e3f139908dedb9962d19696844f7 /annotations/generate_annotated_java_files.py | |
| parent | 79a219edf2d6cd697059cf5bf7310de9c68a89e5 (diff) | |
Remove Android-specific change to override open() mask.
IoBridge.open() had an Android-specific change that expicitly sets the
mode passed in to open() to 0600 or even 0. This means that users of
this API (eg RandomAccessFile) create files that are not readable to
either the group or others.
Before Android R, this didn't matter much, because we had an in-kernel
filesystem (sdcardfs) that magically fixed up permissions. Devices
launching with Android R however can no longer use sdcardfs. This means
that when apps create files on storage, permissions need to be setup
correctly.
This is done in 2 ways:
1) All Android Java processes have a umask of 0077, which means that in
the absence of a default ACL, files that are created would anyway end up
with a mode of at most 0600.
2) Some directories on external storage, like Android/obb or
Android/media do have a default ACL, which ensures that files that apps
create there can still be read/written by the correct group.
It's important to point out that both the umask and the default ACL only
act as a mask for the permissions passed in to open(); that is, if you
call open with mode 0600, but the default ACL has 0660, the resulting
file will still only have mode 0600.
This change modifies IoBridge.open() to pass in mode 0666 when calling
open(). This is a no-op on all files without a default ACL, because in
that case the 0077 umask will effectively still result in a mode of
0600. The only place where it makes a difference is in places where we
have a default ACL that is wider than the umask, eg in Android/data on
devices without sdcardfs. In those cases, we have already made sure the
default ACL is secure and correct (it cannot be modified by apps).
This also makes IoBridge.open() consistent with say
File.createNewFile(), the underlying implementation of which also calls
open() with mode 0666, not 0600. Another example is File.mkdir(), which
calls mkdir(2) with mode 0777.
Bug: 150456744
Test: atest DrmTest
manually verify files created outside these dirs still have mode
0600
Change-Id: I676ff90d46a512a847d0f7aa7af782bdc8cc5c1e
Diffstat (limited to 'annotations/generate_annotated_java_files.py')
0 files changed, 0 insertions, 0 deletions