Set app.metadata file permission to 640
This should prevent apps from circumventing the GET_APP_METADATA
permission by reading the file directly if they are aware of the file
path.
Bug: 267823160
Test: atest android.packageinstaller.install.cts.InstallAppMetadataTest
Change-Id: I4aab10b48e62234bc252535ab2e2c8b9c77a7ac3
diff --git a/services/incremental/BinderIncrementalService.cpp b/services/incremental/BinderIncrementalService.cpp
index 45ca5cd..aff8e97 100644
--- a/services/incremental/BinderIncrementalService.cpp
+++ b/services/incremental/BinderIncrementalService.cpp
@@ -223,7 +223,7 @@
}
binder::Status BinderIncrementalService::makeFile(
- int32_t storageId, const std::string& path,
+ int32_t storageId, const std::string& path, int32_t mode,
const ::android::os::incremental::IncrementalNewFileParams& params,
const ::std::optional<::std::vector<uint8_t>>& content, int32_t* _aidl_return) {
auto [err, fileId, nfp] = toMakeFileParams(params);
@@ -232,7 +232,7 @@
return ok();
}
- *_aidl_return = mImpl.makeFile(storageId, path, 0777, fileId, nfp, toSpan(content));
+ *_aidl_return = mImpl.makeFile(storageId, path, mode, fileId, nfp, toSpan(content));
return ok();
}
binder::Status BinderIncrementalService::makeFileFromRange(int32_t storageId,
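Review bot: The new `mode` argument comes straight from the binder caller and reaches `mImpl.makeFile` unchecked, where the old code pinned it to `0777`. Neither hunk rejects a negative value or bits outside the permission mask (setuid/setgid/sticky, file-type bits), so the resulting file mode depends on every caller passing a sane value. Consider a guard just before the call, e.g. `if ((mode & ~0777) != 0) { *_aidl_return = -EINVAL; return ok(); }`, plus a comment on the parameter such as `// mode: POSIX permission bits only (e.g. 0640); other bits are rejected`. The 0640 value named in the commit title is set by a caller outside this diff, and whether the storage layer applies the mode as given is not visible here, so it is worth confirming that the cited test covers a direct read of the path by a process without GET_APP_METADATA. makeFile's body spans both hunks and is only partly shown.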