| author | 2022-12-12 15:11:41 -0800 | |
|---|---|---|
| committer | 2022-12-12 16:20:31 -0800 | |
| commit | a669ce68cd8ee67ebfe37844bf7de81e23219842 (patch) | |
| tree | bf22d4715ebef30779f0e840fbca2d57696423a8 /libs/androidfw/StringPool.cpp | |
| parent | c4a66af34f2d35981dec3c265cb4434e91ffa800 (diff) | |
Disallow everyone to list files in the package dir

Only the system and the owner should be able to list the app
directory, both levels of it. Our code used the default mode
for them, making Incremental installations vulnerable to any
app that can see mounted filesystems: enumerating files in the
mounted incfs instance would give away the app package name.

This CL explicitly changes the mode to only allow reading
individual files in the directory, but not listing them. Also now
we have code that fixes any originally installed packages to
make sure their mode is set properly as well.

Bug: 261766355
Test: manual + an incremental CTS case
Change-Id: Ib084a3da95bd3e45463ee9e85e5b626495fd5486
Diffstat (limited to 'libs/androidfw/StringPool.cpp')
0 files changed, 0 insertions, 0 deletions
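
The mode change the commit message describes, sketched as an added example (not the AOSP patch, whose diff is not shown on this page): it clears the group/other read bits on a directory and its immediate subdirectories while keeping the search bits, so known paths still resolve but entries cannot be enumerated. The function names and the two-level handling are assumptions made for illustration.

```cpp
// Added example (not AOSP code); names and layout handling are hypothetical.
#include <dirent.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdlib>
#include <string>

// Read bits on a directory permit readdir(); the search (x) bits are kept.
static constexpr mode_t kListBits = S_IRGRP | S_IROTH;

// Returns 1 if the mode was tightened, 0 if already fine, -1 on error.
int restrictListing(const std::string& dir) {
    // O_NOFOLLOW + fchmod: act on the directory itself, never a symlink target.
    int fd = open(dir.c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st {};
    int rc = -1;
    if (fstat(fd, &st) == 0) {
        mode_t cur = st.st_mode & 07777;
        rc = (cur & kListBits) ? (fchmod(fd, cur & ~kListBits) == 0 ? 1 : -1) : 0;
    }
    close(fd);
    return rc;
}

// Fixes `top` and its immediate subdirectories (an assumed two-level layout).
// Returns the number of directories changed, or -1 if any step failed.
int fixTwoLevels(const std::string& top) {
    DIR* d = opendir(top.c_str());  // enumerate children before tightening `top`
    if (!d) return -1;
    int changed = 0;
    bool failed = false;
    while (dirent* e = readdir(d)) {
        std::string name = e->d_name;
        if (name == "." || name == "..") continue;
        std::string child = top + "/" + name;
        struct stat st {};
        if (lstat(child.c_str(), &st) != 0 || !S_ISDIR(st.st_mode)) continue;
        int rc = restrictListing(child);
        if (rc < 0) failed = true; else changed += rc;
    }
    closedir(d);
    int rc = restrictListing(top);
    if (rc < 0 || failed) return -1;
    return changed + rc;
}
```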