diff options
author | Peter Collingbourne <pcc@google.com> | 2024-02-27 19:37:41 -0800 |
---|---|---|
committer | Peter Collingbourne <pcc@google.com> | 2024-03-08 16:38:23 -0800 |
commit | 92d60ac2ecc15c326e9fe25af35c5f86a70c20ad (patch) | |
tree | 788f5361e291dd53a34f6e4e2c0e6192b499751f | |
parent | 81d48288fba62bfd5325fbe7225d372676922136 (diff) | |
download | adb-92d60ac2ecc15c326e9fe25af35c5f86a70c20ad.tar.gz |
adb: Do not use fs_config unless we are root.
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
Bug: 171233429
Bug: 311263616
Change-Id: I3c75fbdceb0ce48ac340b7a181788f0e73b81d39
-rw-r--r-- | daemon/file_sync_service.cpp | 15 |
1 files changed, 5 insertions, 10 deletions
diff --git a/daemon/file_sync_service.cpp b/daemon/file_sync_service.cpp index 5891d30e..a549beee 100644 --- a/daemon/file_sync_service.cpp +++ b/daemon/file_sync_service.cpp @@ -68,14 +68,9 @@ using android::base::Dirname; using android::base::Realpath; using android::base::StringPrintf; -static bool should_use_fs_config(const std::string& path) { -#if defined(__ANDROID__) - // TODO: use fs_config to configure permissions on /data too. - return !android::base::StartsWith(path, "/data/"); -#else - UNUSED(path); - return false; -#endif +static bool should_use_fs_config() { + // Only root has the necessary permissions to be able to apply fs_config. + return getuid() == 0; } static bool update_capabilities(const char* path, uint64_t capabilities) { @@ -119,7 +114,7 @@ static bool secure_mkdirs(const std::string& path) { } partial_path += path_component; - if (should_use_fs_config(partial_path)) { + if (should_use_fs_config()) { adbd_fs_config(partial_path.c_str(), 1, nullptr, &uid, &gid, &mode, &capabilities); } if (adb_mkdir(partial_path.c_str(), mode) == -1) { @@ -530,7 +525,7 @@ static bool send_impl(int s, const std::string& path, mode_t mode, CompressionTy uid_t uid = -1; gid_t gid = -1; uint64_t capabilities = 0; - if (should_use_fs_config(path) && !dry_run) { + if (should_use_fs_config() && !dry_run) { adbd_fs_config(path.c_str(), 0, nullptr, &uid, &gid, &mode, &capabilities); } |