090ae07bc2
Vold was trusting system_server too much and allowed for pretty much any path in mount()/bindMount() calls for incremental. This CL adds validation to make sure it's only accessing own directories. This includes enforcing no symlinks in the paths Ignore-AOSP-First: security fix Bug: 198657657 Test: manual Change-Id: I6035447f94ef44c4ae3294c3ae47de2d7210683a
42 lines
1.4 KiB
C++
42 lines
1.4 KiB
C++
/*
|
|
* Copyright (C) 2020 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include <binder/Status.h>
|
|
|
|
#include <string>
|
|
|
|
#include <stdint.h>
|
|
#include <sys/types.h>
|
|
|
|
namespace android::vold {
|
|
|
|
binder::Status Ok();
|
|
binder::Status Exception(uint32_t code, const std::string& msg);
|
|
|
|
binder::Status CheckPermission(const char* permission);
|
|
binder::Status CheckUidOrRoot(uid_t expectedUid);
|
|
binder::Status CheckArgumentId(const std::string& id);
|
|
binder::Status CheckArgumentPath(const std::string& path);
|
|
binder::Status CheckArgumentHex(const std::string& hex);
|
|
|
|
// Incremental service is only allowed to touch its own directory, and the installed apps dir.
|
|
// This function ensures the caller isn't doing anything tricky.
|
|
enum class IncrementalPathKind { MountSource, MountTarget, Bind, Any };
|
|
binder::Status CheckIncrementalPath(IncrementalPathKind kind, const std::string& path);
|
|
|
|
} // namespace android::vold
|