Commit graph

10 commits

Author SHA1 Message Date
Jeff Sharkey
814640315a Be strict, but not that strict.
Certain apps decide that they want to chmod() their private data
directories to gain more security.  We still want to carefully
enforce owner UID/GID, but relax the mode check for now.

Bug: 26549892
Change-Id: I362d530ba0b20fb23f427ac082ee003864adc57d
2016-01-14 12:02:53 -07:00
Jeff Sharkey
cf94fe152e Offer a stricter way to prepare directories.
Some callers, such as installd, have stricter requirements around
directory preparation, where they want to assert ownership and mode
without quietly fixing the values.

Bug: 26466827
Change-Id: Id44db5f29a3326cfe178b443fb450ad2edeaefd8
2016-01-12 13:07:52 -07:00
Nick Kralevich
30a86ebc7a fs_mkdirs: use O_NOFOLLOW and O_CLOEXEC
Don't follow symlinks. Suggestion from Jann Horn.

Also, add O_CLOEXEC. This prevents file descriptor leakage should
this code ever run in a multithreaded environment.

I'm not sure if either of these changes actually address any
security concerns, but it's harmless, so go ahead and add it.

Bug: 15675141
Change-Id: I7ba4e9d10439b7150f59759b54e3ad8ccba411e3
2014-06-16 15:40:40 -07:00
Jeff Sharkey
0ee7d8c68b Fix Mac builds, for realz.
Change-Id: I63e21b90e5b8a8f016dd04ceca4354793faa5e37
2013-09-20 18:00:15 -07:00
Jeff Sharkey
44d6342caa Remove mkdir() side effect, add .nomedia, utils.
Before this change, FUSE lookup() would have the side effect of
creating the directory on behalf of apps.  This resulted in most
directories being created just by Settings trying to measure disk
space.  Instead, we're switching to have vold do directory creation
when an app doesn't have enough permissions.

Create fs_mkdirs() utility to create all parent directories in a
path as needed.  Allow traversal (+x) into /storage directories.

Fix FUSE derived permissions to be case insensitive.  Mark well-known
directories as .nomedia when created.

Bug: 10577808, 10330221
Change-Id: I53114f2e63ffbe6de4ba6a72d94a232523231cad
2013-09-20 14:21:09 -07:00
Nick Kralevich
69ce489fc3 fs.c: Fix implicit declaration of function 'mkstemp'
system/core/libcutils/fs.c: In function 'fs_write_atomic_int':
system/core/libcutils/fs.c:109:5: warning: implicit declaration of function 'mkstemp' [-Wimplicit-function-declaration]

Change-Id: I337ecb818f85e20b058f782df45987acf2e9d6c1
2012-10-15 15:51:33 -07:00
Jeff Sharkey
489609bb44 Allow mkdir() race to succeed.
When two zygotes are starting, they both may try creating a mount
point after checking lstat().  The second mkdir() will result in
EEXIST, which is okay to ignore.

Bug: 7165469
Change-Id: If4411e2621f773c74cd05247899982fa5ebdd020
2012-09-25 13:13:08 -07:00
Jeff Sharkey
6de7026790 Wrap more system calls in TEMP_FAILURE_RETRY.
Bug: 7151474
Change-Id: I9fe19746104cf392f88ea5cf8061e2e21e334671
2012-09-13 15:11:42 -07:00
Jeff Sharkey
ddb1733944 Wrap system calls in TEMP_FAILURE_RETRY.
fs_prepare_dir() is used heavily during Zygote init, and can easily
run into EINTR.

Bug: 7151474
Change-Id: I7aac43a43483d55db47ca20456fff68ce51bbc46
2012-09-13 15:02:53 -07:00
Jeff Sharkey
9685194fc9 File-system utilities for installd and zygote.
Bug: 7008879
Change-Id: Ia54b8d4ad434e8973f235e2a4728651814bef8a9
2012-08-30 10:29:41 -07:00