diff options
author | Sanjana Sunil <sanjanasunil@google.com> | 2022-03-15 10:14:36 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2022-03-15 10:14:36 +0000 |
commit | 66da82fbe014130eaa546836fef2d3967fdb6cd0 (patch) | |
tree | d48961a0d832184301cfd31e8d745f4796db344f /cmds | |
parent | 057ffe1eab878d1f48c8ac4a53562d4d733b7a86 (diff) | |
parent | 431d92181847a7da3679a8cdd7d545441803d101 (diff) | |
download | native-66da82fbe014130eaa546836fef2d3967fdb6cd0.tar.gz |
Merge "Ensure subdirectories of sdk data inherit group id of parent" into tm-dev
Diffstat (limited to 'cmds')
-rw-r--r-- | cmds/installd/InstalldNativeService.cpp | 4 | ||||
-rw-r--r-- | cmds/installd/tests/installd_service_test.cpp | 22 |
2 files changed, 14 insertions, 12 deletions
diff --git a/cmds/installd/InstalldNativeService.cpp b/cmds/installd/InstalldNativeService.cpp index 77bed0e605..ab044aba8f 100644 --- a/cmds/installd/InstalldNativeService.cpp +++ b/cmds/installd/InstalldNativeService.cpp @@ -787,7 +787,7 @@ binder::Status InstalldNativeService::createSdkSandboxDataPackageDirectory( StringPrintf("cacheGid cannot be -1 for sdksandbox data")); } auto status = createAppDataDirs(sharedPath, sdkSandboxUid, AID_NOBODY, - &previousSdkSandboxUid, cacheGid, seInfo, 0700); + &previousSdkSandboxUid, cacheGid, seInfo, 0700 | S_ISGID); if (!status.isOk()) { return status; } @@ -967,7 +967,7 @@ binder::Status InstalldNativeService::reconcileSdkData( const int32_t sandboxUid = multiuser_get_sdk_sandbox_uid(userId, appId); int32_t previousSandboxUid = multiuser_get_sdk_sandbox_uid(userId, previousAppId); auto status = createAppDataDirs(path, sandboxUid, AID_NOBODY, &previousSandboxUid, - cacheGid, seInfo, 0700); + cacheGid, seInfo, 0700 | S_ISGID); if (!status.isOk()) { res = status; continue; diff --git a/cmds/installd/tests/installd_service_test.cpp b/cmds/installd/tests/installd_service_test.cpp index 04558d5b07..672ca7f52b 100644 --- a/cmds/installd/tests/installd_service_test.cpp +++ b/cmds/installd/tests/installd_service_test.cpp @@ -1051,7 +1051,8 @@ TEST_F(SdkSandboxDataTest, CreateAppData_CreatesSdkPackageData) { const std::string fooCePath = "misc_ce/0/sdksandbox/com.foo"; CheckFileAccess(fooCePath, kSystemUid, kSystemUid, S_IFDIR | 0751); - CheckFileAccess(fooCePath + "/shared", kTestSdkSandboxUid, kNobodyUid, S_IFDIR | 0700); + CheckFileAccess(fooCePath + "/shared", kTestSdkSandboxUid, kNobodyUid, + S_IFDIR | S_ISGID | 0700); CheckFileAccess(fooCePath + "/shared/cache", kTestSdkSandboxUid, kTestCacheGid, S_IFDIR | S_ISGID | 0771); CheckFileAccess(fooCePath + "/shared/code_cache", kTestSdkSandboxUid, kTestCacheGid, @@ -1059,7 +1060,8 @@ TEST_F(SdkSandboxDataTest, CreateAppData_CreatesSdkPackageData) { const std::string fooDePath = "misc_de/0/sdksandbox/com.foo"; CheckFileAccess(fooDePath, kSystemUid, kSystemUid, S_IFDIR | 0751); - CheckFileAccess(fooDePath + "/shared", kTestSdkSandboxUid, kNobodyUid, S_IFDIR | 0700); + CheckFileAccess(fooDePath + "/shared", kTestSdkSandboxUid, kNobodyUid, + S_IFDIR | S_ISGID | 0700); CheckFileAccess(fooDePath + "/shared/cache", kTestSdkSandboxUid, kTestCacheGid, S_IFDIR | S_ISGID | 0771); CheckFileAccess(fooDePath + "/shared/code_cache", kTestSdkSandboxUid, kTestCacheGid, @@ -1130,28 +1132,28 @@ TEST_F(SdkSandboxDataTest, ReconcileSdkData) { ASSERT_BINDER_SUCCESS(service->reconcileSdkData(args)); const std::string barCePath = "misc_ce/0/sdksandbox/com.foo/bar@random1"; - CheckFileAccess(barCePath, kTestSdkSandboxUid, kNobodyUid, S_IFDIR | 0700); + CheckFileAccess(barCePath, kTestSdkSandboxUid, kNobodyUid, S_IFDIR | S_ISGID | 0700); CheckFileAccess(barCePath + "/cache", kTestSdkSandboxUid, kTestCacheGid, S_IFDIR | S_ISGID | 0771); CheckFileAccess(barCePath + "/code_cache", kTestSdkSandboxUid, kTestCacheGid, S_IFDIR | S_ISGID | 0771); const std::string bazCePath = "misc_ce/0/sdksandbox/com.foo/baz@random2"; - CheckFileAccess(bazCePath, kTestSdkSandboxUid, kNobodyUid, S_IFDIR | 0700); + CheckFileAccess(bazCePath, kTestSdkSandboxUid, kNobodyUid, S_IFDIR | S_ISGID | 0700); CheckFileAccess(bazCePath + "/cache", kTestSdkSandboxUid, kTestCacheGid, S_IFDIR | S_ISGID | 0771); CheckFileAccess(bazCePath + "/code_cache", kTestSdkSandboxUid, kTestCacheGid, S_IFDIR | S_ISGID | 0771); const std::string barDePath = "misc_de/0/sdksandbox/com.foo/bar@random1"; - CheckFileAccess(barDePath, kTestSdkSandboxUid, kNobodyUid, S_IFDIR | 0700); + CheckFileAccess(barDePath, kTestSdkSandboxUid, kNobodyUid, S_IFDIR | S_ISGID | 0700); CheckFileAccess(barDePath + "/cache", kTestSdkSandboxUid, kTestCacheGid, S_IFDIR | S_ISGID | 0771); CheckFileAccess(barDePath + "/code_cache", kTestSdkSandboxUid, kTestCacheGid, S_IFDIR | S_ISGID | 0771); const std::string bazDePath = "misc_de/0/sdksandbox/com.foo/baz@random2"; - CheckFileAccess(bazDePath, kTestSdkSandboxUid, kNobodyUid, S_IFDIR | 0700); + CheckFileAccess(bazDePath, kTestSdkSandboxUid, kNobodyUid, S_IFDIR | S_ISGID | 0700); CheckFileAccess(bazDePath + "/cache", kTestSdkSandboxUid, kTestCacheGid, S_IFDIR | S_ISGID | 0771); CheckFileAccess(bazDePath + "/code_cache", kTestSdkSandboxUid, kTestCacheGid, @@ -1194,9 +1196,9 @@ TEST_F(SdkSandboxDataTest, ReconcileSdkData_DirectoryNotCreatedIfAlreadyExistsIg // Previous directories from first attempt should exist CheckFileAccess("misc_ce/0/sdksandbox/com.foo/bar@random1", kTestSdkSandboxUid, kNobodyUid, - S_IFDIR | 0700); + S_IFDIR | S_ISGID | 0700); CheckFileAccess("misc_ce/0/sdksandbox/com.foo/baz@random2", kTestSdkSandboxUid, kNobodyUid, - S_IFDIR | 0700); + S_IFDIR | S_ISGID | 0700); // No new directories should be created on second attempt ASSERT_FALSE(exists("/data/local/tmp/misc_ce/0/sdksandbox/com.foo/bar@r10")); ASSERT_FALSE(exists("/data/local/tmp/misc_de/0/sdksandbox/com.foo/bar@r20")); @@ -1217,9 +1219,9 @@ TEST_F(SdkSandboxDataTest, ReconcileSdkData_ExtraCodeDirectoriesAreDeleted) { // New directoris should exist CheckFileAccess("misc_ce/0/sdksandbox/com.foo/bar.diff@random1", kTestSdkSandboxUid, kNobodyUid, - S_IFDIR | 0700); + S_IFDIR | S_ISGID | 0700); CheckFileAccess("misc_ce/0/sdksandbox/com.foo/baz@random2", kTestSdkSandboxUid, kNobodyUid, - S_IFDIR | 0700); + S_IFDIR | S_ISGID | 0700); // Directory for old unreferred sdksandbox package name should be removed ASSERT_FALSE(exists("/data/local/tmp/misc_ce/0/sdksandbox/com.foo/bar@random1")); } |