ANDROID: sdcardfs: Avoid setting GIDs outside of valid ranges
authorDaniel Rosenberg <drosen@google.com>
Mon, 24 Apr 2017 23:11:03 +0000 (16:11 -0700)
committerDaniel Rosenberg <drosen@google.com>
Tue, 30 Jan 2018 03:40:09 +0000 (19:40 -0800)
When setting up the ownership of files on the lower filesystem,
ensure that these values are in reasonable ranges for apps. If
they aren't, default to AID_MEDIA_RW

Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 37516160
Change-Id: I0bec76a61ac72aff0b993ab1ad04be8382178a00

fs/sdcardfs/derived_perm.c
fs/sdcardfs/multiuser.h

index 29645276c7340a475452a894e26c5e504bd8f10b..5a0ef38898468ee21403748f4d754864ec003595 100644 (file)
@@ -215,16 +215,16 @@ void fixup_lower_ownership(struct dentry *dentry, const char *name)
                gid = AID_MEDIA_OBB;
                break;
        case PERM_ANDROID_PACKAGE:
-               if (info->d_uid != 0)
+               if (uid_is_app(info->d_uid))
                        gid = multiuser_get_ext_gid(info->d_uid);
                else
-                       gid = multiuser_get_uid(info->userid, uid);
+                       gid = multiuser_get_uid(info->userid, AID_MEDIA_RW);
                break;
        case PERM_ANDROID_PACKAGE_CACHE:
-               if (info->d_uid != 0)
+               if (uid_is_app(info->d_uid))
                        gid = multiuser_get_ext_cache_gid(info->d_uid);
                else
-                       gid = multiuser_get_uid(info->userid, uid);
+                       gid = multiuser_get_uid(info->userid, AID_MEDIA_RW);
                break;
        case PERM_PRE_ROOT:
        default:
index d0c925cda2994cf148534a358e4cd6e329a297b8..85341e753f8c9e19288ce608efa8973f78ab8918 100644 (file)
@@ -35,6 +35,13 @@ static inline uid_t multiuser_get_uid(userid_t user_id, appid_t app_id)
        return (user_id * AID_USER_OFFSET) + (app_id % AID_USER_OFFSET);
 }
 
+static inline bool uid_is_app(uid_t uid)
+{
+       appid_t appid = uid % AID_USER_OFFSET;
+
+       return appid >= AID_APP_START && appid <= AID_APP_END;
+}
+
 static inline gid_t multiuser_get_ext_cache_gid(uid_t uid)
 {
        return uid - AID_APP_START + AID_EXT_CACHE_GID_START;