Mark extracted dex files as read only

This is a poor protection from some attack against application that
would be made to overwrite their extracted secondary dex files.

The protection is poor because marking the dex files read only will
protect only some applications depending on their implementation.

Test: MultiDexLegacyVersionedTestApp
Bug: 32159214
Change-Id: I88c6fc72284f4e0b832dc4d840c9c636a1234638

1 files changed, 4 insertions, 0 deletions

diff --git a/library/src/android/support/multidex/MultiDexExtractor.java b/library/src/android/support/multidex/MultiDexExtractor.java
index 177279a..6d09245 100644
--- a/library/src/android/support/multidex/MultiDexExtractor.java
+++ b/library/src/android/support/multidex/MultiDexExtractor.java
@@ -356,6 +356,10 @@ final class MultiDexExtractor {
             } finally {
                 out.close();
             }
+            if (!tmp.setReadOnly()) {
+                throw new IOException("Failed to mark readonly \"" + tmp.getAbsolutePath() +
+                        "\" (tmp of \"" + extractTo.getAbsolutePath() + "\")");
+            }
             Log.i(TAG, "Renaming to " + extractTo.getPath());
             if (!tmp.renameTo(extractTo)) {
                 throw new IOException("Failed to rename \"" + tmp.getAbsolutePath() +