Merge "Don't include inaccessible data dirs in library paths."

author: Alan Stokes <alanstokes@google.com> 2020-07-27 14:27:10 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2020-07-27 14:27:10 +0000
commit: a12326e5c05e6938f1d9edf93e4cd2000cdfed23 (patch)
tree: 745789f9ec70ddd2e6ad59d2e4cd82c88039e7e2
parent: 7b2c84f5692fdf6bac3d20aaf0b803a8685a7612 (diff)
parent: e8527305da97b3cf6bf14585723dc23e3cf70c00 (diff)
1 files changed, 30 insertions, 6 deletions
diff --git a/core/java/android/app/LoadedApk.java b/core/java/android/app/LoadedApk.java
index 1dc54ddbac4b..aa6a08b6d2e4 100644
--- a/core/java/android/app/LoadedApk.java
+++ b/core/java/android/app/LoadedApk.java
@@ -814,12 +814,9 @@ public final class LoadedApk {
 
         makePaths(mActivityThread, isBundledApp, mApplicationInfo, zipPaths, libPaths);
 
-        String libraryPermittedPath = mDataDir;
-        if (mActivityThread == null) {
-            // In a zygote context where mActivityThread is null we can't access the app data dir
-            // and including this in libraryPermittedPath would cause SELinux denials.
-            libraryPermittedPath = "";
-        }
+        // Including an inaccessible dir in libraryPermittedPath would cause SELinux denials
+        // when the loader attempts to canonicalise the path. so we don't.
+        String libraryPermittedPath = canAccessDataDir() ? mDataDir : "";
 
         if (isBundledApp) {
             // For bundled apps, add the base directory of the app (e.g.,
@@ -972,6 +969,33 @@ public final class LoadedApk {
         }
     }
 
+    /**
+     * Return whether we can access the package's private data directory in order to be able to
+     * load code from it.
+     */
+    private boolean canAccessDataDir() {
+        // In a zygote context where mActivityThread is null we can't access the app data dir.
+        if (mActivityThread == null) {
+            return false;
+        }
+
+        // A package can access its own data directory (the common case, so short-circuit it).
+        if (Objects.equals(mPackageName, ActivityThread.currentPackageName())) {
+            return true;
+        }
+
+        // Temporarily disable logging of disk reads on the Looper thread as this is necessary -
+        // and the loader will access the directory anyway if we don't check it.
+        StrictMode.ThreadPolicy oldPolicy = allowThreadDiskReads();
+        try {
+            // We are constructing a classloader for a different package. It is likely,
+            // but not certain, that we can't acccess its app data dir - so check.
+            return new File(mDataDir).canExecute();
+        } finally {
+            setThreadPolicy(oldPolicy);
+        }
+    }
+
     @UnsupportedAppUsage
     public ClassLoader getClassLoader() {
         synchronized (this) {
author	Alan Stokes <alanstokes@google.com>	2020-07-27 14:27:10 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2020-07-27 14:27:10 +0000
commit	a12326e5c05e6938f1d9edf93e4cd2000cdfed23 (patch)
tree	745789f9ec70ddd2e6ad59d2e4cd82c88039e7e2
parent	7b2c84f5692fdf6bac3d20aaf0b803a8685a7612 (diff)
parent	e8527305da97b3cf6bf14585723dc23e3cf70c00 (diff)