diff options
author | Peter Collingbourne <pcc@google.com> | 2024-02-27 19:37:41 -0800 |
---|---|---|
committer | Peter Collingbourne <pcc@google.com> | 2024-03-29 15:13:13 -0700 |
commit | ba1f12119170f8edae8d17d905c2a27614a67f95 (patch) | |
tree | 569cc714b402aa956d1fa89ba40afbb466edf72e | |
parent | 19cd8dc9e1a8529804ecedd29714416db84cbe25 (diff) | |
download | adb-ba1f12119170f8edae8d17d905c2a27614a67f95.tar.gz |
adb: Do not use fs_config unless we are root (try 2).
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit fs_config,
such as /data/local/tmp or /tmp, use the original file mode.
Bug: 171233429
Bug: 311263616
Change-Id: Ied805bc3912ea0b4e1691127b5032aef632f85fd
-rw-r--r-- | daemon/file_sync_service.cpp | 18 | ||||
-rw-r--r-- | libs/libadbd_fs/adbd_fs.cpp | 19 | ||||
-rw-r--r-- | libs/libadbd_fs/include/adbd_fs.h | 2 |
3 files changed, 16 insertions, 23 deletions
diff --git a/daemon/file_sync_service.cpp b/daemon/file_sync_service.cpp index 5891d30e..ab20e582 100644 --- a/daemon/file_sync_service.cpp +++ b/daemon/file_sync_service.cpp @@ -68,16 +68,6 @@ using android::base::Dirname; using android::base::Realpath; using android::base::StringPrintf; -static bool should_use_fs_config(const std::string& path) { -#if defined(__ANDROID__) - // TODO: use fs_config to configure permissions on /data too. - return !android::base::StartsWith(path, "/data/"); -#else - UNUSED(path); - return false; -#endif -} - static bool update_capabilities(const char* path, uint64_t capabilities) { #if defined(__ANDROID__) if (capabilities == 0) { @@ -119,9 +109,7 @@ static bool secure_mkdirs(const std::string& path) { } partial_path += path_component; - if (should_use_fs_config(partial_path)) { - adbd_fs_config(partial_path.c_str(), 1, nullptr, &uid, &gid, &mode, &capabilities); - } + adbd_fs_config(partial_path.c_str(), true, nullptr, &uid, &gid, &mode, &capabilities); if (adb_mkdir(partial_path.c_str(), mode) == -1) { if (errno != EEXIST) { return false; @@ -530,8 +518,8 @@ static bool send_impl(int s, const std::string& path, mode_t mode, CompressionTy uid_t uid = -1; gid_t gid = -1; uint64_t capabilities = 0; - if (should_use_fs_config(path) && !dry_run) { - adbd_fs_config(path.c_str(), 0, nullptr, &uid, &gid, &mode, &capabilities); + if (!dry_run) { + adbd_fs_config(path.c_str(), false, nullptr, &uid, &gid, &mode, &capabilities); } result = handle_send_file(s, path.c_str(), ×tamp, uid, gid, capabilities, mode, diff --git a/libs/libadbd_fs/adbd_fs.cpp b/libs/libadbd_fs/adbd_fs.cpp index 8e62d40d..e2425ef3 100644 --- a/libs/libadbd_fs/adbd_fs.cpp +++ b/libs/libadbd_fs/adbd_fs.cpp @@ -17,14 +17,19 @@ #include <adbd_fs.h> #include <private/fs_config.h> +#include <unistd.h> void adbd_fs_config(const char* path, int dir, const char* target_out_path, uid_t* uid, gid_t* gid, mode_t* mode, uint64_t* capabilities) { - unsigned uid_hack; - unsigned gid_hack; - unsigned mode_hack; - fs_config(path, dir, target_out_path, &uid_hack, &gid_hack, &mode_hack, capabilities); - *uid = uid_hack; - *gid = gid_hack; - *mode = mode_hack; + // Only root has the necessary permissions to be able to apply fs_config. + if (getuid() != 0) { + return; + } + struct fs_config conf; + if (get_fs_config(path, dir, target_out_path, &conf)) { + *uid = conf.uid; + *gid = conf.gid; + *mode = conf.mode; + *capabilities = conf.capabilities; + } } diff --git a/libs/libadbd_fs/include/adbd_fs.h b/libs/libadbd_fs/include/adbd_fs.h index 6158d720..1c0895c6 100644 --- a/libs/libadbd_fs/include/adbd_fs.h +++ b/libs/libadbd_fs/include/adbd_fs.h @@ -20,7 +20,7 @@ #include <sys/types.h> extern "C" { -// Thin wrapper around libcutils fs_config. +// Thin wrapper around libcutils get_fs_config. void adbd_fs_config(const char* path, int dir, const char* target_out_path, uid_t* uid, gid_t* gid, mode_t* mode, uint64_t* capabilities); } |