diff options
| author | Jeff Sharkey <jsharkey@android.com> | 2015-12-14 11:02:01 -0700 |
|---|---|---|
| committer | Jeff Sharkey <jsharkey@android.com> | 2015-12-14 15:38:24 -0700 |
| commit | fe7646194425cbae816936f996993bc146814d18 (patch) | |
| tree | 75d5eb3ff9c9a1e189b07cc9999414d951800501 /sdcard | |
| parent | db8548442304f103e3bc70d34e86e99c2acde15c (diff) | |
| download | system_core-fe7646194425cbae816936f996993bc146814d18.tar.gz system_core-fe7646194425cbae816936f996993bc146814d18.tar.bz2 system_core-fe7646194425cbae816936f996993bc146814d18.zip | |
Re-derive permissions after package changes.
When packages change, existing package-specific directories may have
gained/lost a UID mapping, so we need to update the permissions for
any in-memory nodes.
This allows an app to deliver data for another package before that
package is installed, which is the typical pattern of how OBB files
are delivered.
Also fix bug by re-deriving permissions when files are moved.
Bug: 25399427
Change-Id: I06f38a24ad7dee5f5099ba81429aef03208e5683
Diffstat (limited to 'sdcard')
| -rw-r--r-- | sdcard/sdcard.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/sdcard/sdcard.c b/sdcard/sdcard.c index b6bbe7efd..45efe369e 100644 --- a/sdcard/sdcard.c +++ b/sdcard/sdcard.c @@ -507,6 +507,16 @@ static void derive_permissions_locked(struct fuse* fuse, struct node *parent, } } +static void derive_permissions_recursive_locked(struct fuse* fuse, struct node *parent) { + struct node *node; + for (node = parent->child; node; node = node->next) { + derive_permissions_locked(fuse, parent, node); + if (node->child) { + derive_permissions_recursive_locked(fuse, node); + } + } +} + /* Kernel has already enforced everything we returned through * derive_permissions_locked(), so this is used to lock down access * even further, such as enforcing that apps hold sdcard_rw. */ @@ -1145,6 +1155,8 @@ static int handle_rename(struct fuse* fuse, struct fuse_handler* handler, res = rename_node_locked(child_node, new_name, new_actual_name); if (!res) { remove_node_from_parent_locked(child_node); + derive_permissions_locked(fuse, new_parent_node, child_node); + derive_permissions_recursive_locked(fuse, child_node); add_node_to_parent_locked(child_node, new_parent_node); } goto done; @@ -1654,6 +1666,9 @@ static bool read_package_list(struct fuse_global* global) { TRACE("read_package_list: found %zu packages\n", hashmapSize(global->package_to_appid)); + /* Regenerate ownership details using newly loaded mapping */ + derive_permissions_recursive_locked(global->fuse_default, &global->root); + pthread_mutex_unlock(&global->lock); return rc; |