summaryrefslogtreecommitdiffstats
path: root/sdcard
diff options
context:
space:
mode:
authorJeff Sharkey <jsharkey@android.com>2015-12-16 13:20:37 -0700
committerJeff Sharkey <jsharkey@android.com>2015-12-16 13:20:53 -0700
commitf7aad11c1cc133e352333f83e3abbf323cd41ead (patch)
treeabe5ea1660f2681b8bcd951c57f6bb98fe3c8f95 /sdcard
parent85c3bbed4cb66a7829a6f9f402c89cfe15f11625 (diff)
downloadcore-f7aad11c1cc133e352333f83e3abbf323cd41ead.tar.gz
core-f7aad11c1cc133e352333f83e3abbf323cd41ead.tar.bz2
core-f7aad11c1cc133e352333f83e3abbf323cd41ead.zip
Re-derive permissions after package changes.
When packages change, existing package-specific directories may have gained/lost a UID mapping, so we need to update the permissions for any in-memory nodes. This allows an app to deliver data for another package before that package is installed, which is the typical pattern of how OBB files are delivered. Also fix bug by re-deriving permissions when files are moved. Bug: 25399427 Change-Id: I06f38a24ad7dee5f5099ba81429aef03208e5683
Diffstat (limited to 'sdcard')
-rw-r--r--sdcard/sdcard.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/sdcard/sdcard.c b/sdcard/sdcard.c
index a79e2ddce..06452aa47 100644
--- a/sdcard/sdcard.c
+++ b/sdcard/sdcard.c
@@ -507,6 +507,16 @@ static void derive_permissions_locked(struct fuse* fuse, struct node *parent,
}
}
+static void derive_permissions_recursive_locked(struct fuse* fuse, struct node *parent) {
+ struct node *node;
+ for (node = parent->child; node; node = node->next) {
+ derive_permissions_locked(fuse, parent, node);
+ if (node->child) {
+ derive_permissions_recursive_locked(fuse, node);
+ }
+ }
+}
+
/* Kernel has already enforced everything we returned through
* derive_permissions_locked(), so this is used to lock down access
* even further, such as enforcing that apps hold sdcard_rw. */
@@ -1145,6 +1155,8 @@ static int handle_rename(struct fuse* fuse, struct fuse_handler* handler,
res = rename_node_locked(child_node, new_name, new_actual_name);
if (!res) {
remove_node_from_parent_locked(child_node);
+ derive_permissions_locked(fuse, new_parent_node, child_node);
+ derive_permissions_recursive_locked(fuse, child_node);
add_node_to_parent_locked(child_node, new_parent_node);
}
goto done;
@@ -1663,6 +1675,10 @@ static int read_package_list(struct fuse_global* global) {
TRACE("read_package_list: found %zu packages\n",
hashmapSize(global->package_to_appid));
fclose(file);
+
+ /* Regenerate ownership details using newly loaded mapping */
+ derive_permissions_recursive_locked(global->fuse_default, &global->root);
+
pthread_mutex_unlock(&global->lock);
return 0;
}