Skip to content
Snippets Groups Projects
Commit fe764619 authored by Jeff Sharkey's avatar Jeff Sharkey
Browse files

Re-derive permissions after package changes.

When packages change, existing package-specific directories may have
gained/lost a UID mapping, so we need to update the permissions for
any in-memory nodes.

This allows an app to deliver data for another package before that
package is installed, which is the typical pattern of how OBB files
are delivered.

Also fix bug by re-deriving permissions when files are moved.

Bug: 25399427
Change-Id: I06f38a24ad7dee5f5099ba81429aef03208e5683
parent db854844
Branches
Tags
No related merge requests found
...@@ -507,6 +507,16 @@ static void derive_permissions_locked(struct fuse* fuse, struct node *parent, ...@@ -507,6 +507,16 @@ static void derive_permissions_locked(struct fuse* fuse, struct node *parent,
} }
} }
static void derive_permissions_recursive_locked(struct fuse* fuse, struct node *parent) {
struct node *node;
for (node = parent->child; node; node = node->next) {
derive_permissions_locked(fuse, parent, node);
if (node->child) {
derive_permissions_recursive_locked(fuse, node);
}
}
}
/* Kernel has already enforced everything we returned through /* Kernel has already enforced everything we returned through
* derive_permissions_locked(), so this is used to lock down access * derive_permissions_locked(), so this is used to lock down access
* even further, such as enforcing that apps hold sdcard_rw. */ * even further, such as enforcing that apps hold sdcard_rw. */
...@@ -1145,6 +1155,8 @@ static int handle_rename(struct fuse* fuse, struct fuse_handler* handler, ...@@ -1145,6 +1155,8 @@ static int handle_rename(struct fuse* fuse, struct fuse_handler* handler,
res = rename_node_locked(child_node, new_name, new_actual_name); res = rename_node_locked(child_node, new_name, new_actual_name);
if (!res) { if (!res) {
remove_node_from_parent_locked(child_node); remove_node_from_parent_locked(child_node);
derive_permissions_locked(fuse, new_parent_node, child_node);
derive_permissions_recursive_locked(fuse, child_node);
add_node_to_parent_locked(child_node, new_parent_node); add_node_to_parent_locked(child_node, new_parent_node);
} }
goto done; goto done;
...@@ -1654,6 +1666,9 @@ static bool read_package_list(struct fuse_global* global) { ...@@ -1654,6 +1666,9 @@ static bool read_package_list(struct fuse_global* global) {
TRACE("read_package_list: found %zu packages\n", TRACE("read_package_list: found %zu packages\n",
hashmapSize(global->package_to_appid)); hashmapSize(global->package_to_appid));
/* Regenerate ownership details using newly loaded mapping */
derive_permissions_recursive_locked(global->fuse_default, &global->root);
pthread_mutex_unlock(&global->lock); pthread_mutex_unlock(&global->lock);
return rc; return rc;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment