diff options
Diffstat (limited to 'cmds/installd/utils.c')
| -rw-r--r-- | cmds/installd/utils.c | 12 | 
1 files changed, 8 insertions, 4 deletions
| diff --git a/cmds/installd/utils.c b/cmds/installd/utils.c index 8f366a01ac..54f90abe00 100644 --- a/cmds/installd/utils.c +++ b/cmds/installd/utils.c @@ -910,14 +910,14 @@ void finish_cache_collection(cache_t* cache)   * The path is allowed to have at most one subdirectory and no indirections   * to top level directories (i.e. have "..").   */ -static int validate_path(const dir_rec_t* dir, const char* path) { +static int validate_path(const dir_rec_t* dir, const char* path, int maxSubdirs) {      size_t dir_len = dir->len;      const char* subdir = strchr(path + dir_len, '/');      // Only allow the path to have at most one subdirectory.      if (subdir != NULL) {          ++subdir; -        if (strchr(subdir, '/') != NULL) { +        if ((--maxSubdirs == 0) && strchr(subdir, '/') != NULL) {              ALOGE("invalid apk path '%s' (subdir?)\n", path);              return -1;          } @@ -942,7 +942,7 @@ int validate_system_app_path(const char* path) {      for (i = 0; i < android_system_dirs.count; i++) {          const size_t dir_len = android_system_dirs.dirs[i].len;          if (!strncmp(path, android_system_dirs.dirs[i].path, dir_len)) { -            return validate_path(android_system_dirs.dirs + i, path); +            return validate_path(android_system_dirs.dirs + i, path, 1);          }      } @@ -1042,6 +1042,7 @@ int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) {  int validate_apk_path(const char *path)  {      const dir_rec_t* dir = NULL; +    int maxSubdirs = 1;      if (!strncmp(path, android_app_dir.path, android_app_dir.len)) {          dir = &android_app_dir; @@ -1049,11 +1050,14 @@ int validate_apk_path(const char *path)          dir = &android_app_private_dir;      } else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) {          dir = &android_asec_dir; +    } else if (!strncmp(path, android_mnt_expand_dir.path, android_mnt_expand_dir.len)) { +        dir = &android_mnt_expand_dir; +        maxSubdirs = 2;      } else {          return -1;      } -    return validate_path(dir, path); +    return validate_path(dir, path, maxSubdirs);  }  int append_and_increment(char** dst, const char* src, size_t* dst_size) { |