Fix for: clearAppProfiles interface can cause arbitrary file truncate
Bug: 216116581
Fixes: 216116581
Test: atest installd_dexopt_test
Change-Id: Ia3eae81cc26b28b0d25dc5f5c6cd04ec8c1bafdf
diff --git a/cmds/installd/InstalldNativeService.cpp b/cmds/installd/InstalldNativeService.cpp
index a2de471..ae1d3aa 100644
--- a/cmds/installd/InstalldNativeService.cpp
+++ b/cmds/installd/InstalldNativeService.cpp
@@ -1028,6 +1028,12 @@
const std::string& profileName) {
ENFORCE_UID(AID_SYSTEM);
CHECK_ARGUMENT_PACKAGE_NAME(packageName);
+ CHECK_ARGUMENT_FILE_NAME(profileName);
+ if (!base::EndsWith(profileName, ".prof")) {
+ return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
+ StringPrintf("Profile name %s does not end with .prof",
+ profileName.c_str()));
+ }
LOCK_PACKAGE();
binder::Status res = ok();
diff --git a/cmds/installd/tests/installd_dexopt_test.cpp b/cmds/installd/tests/installd_dexopt_test.cpp
index aadf6dd..a1c5fae 100644
--- a/cmds/installd/tests/installd_dexopt_test.cpp
+++ b/cmds/installd/tests/installd_dexopt_test.cpp
@@ -1293,6 +1293,23 @@
preparePackageProfile(package_name_, "primary.prof", /*expected_result*/ false);
}
+TEST_F(ProfileTest, ClearAppProfilesOk) {
+ LOG(INFO) << "ClearAppProfilesOk";
+
+ ASSERT_BINDER_SUCCESS(service_->clearAppProfiles(package_name_, "primary.prof"));
+ ASSERT_BINDER_SUCCESS(service_->clearAppProfiles(package_name_, "image_editor.split.prof"));
+}
+
+TEST_F(ProfileTest, ClearAppProfilesFailWrongProfileName) {
+ LOG(INFO) << "ClearAppProfilesFailWrongProfileName";
+
+ ASSERT_BINDER_FAIL(
+ service_->clearAppProfiles(package_name_,
+ "../../../../dalvik-cache/arm64/"
+ "system@app@SecureElement@SecureElement.apk@classes.vdex"));
+ ASSERT_BINDER_FAIL(service_->clearAppProfiles(package_name_, "image_editor.split.apk"));
+}
+
TEST_F(ProfileTest, CopySystemProfileOk) {
LOG(INFO) << "CopySystemProfileOk";