Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Connectivity / dfed8dc1002c4d40c31c309cf3f651d2e4c8f96e^! / .
commitdfed8dc1002c4d40c31c309cf3f651d2e4c8f96e[log] [tgz]
authorBessie Jiang <bessiej@google.com>Wed Nov 13 16:17:26 2024 +0000
committerBessie Jiang <bessiej@google.com>Wed Nov 13 16:17:26 2024 +0000
treecacd745018e48fe1b00ed1e7cde96c52e2682797
parentddf363629632912536d08b368e488dc4757a340f [diff]
Make newly created CT directories executable

Directories treat the executable bit differently than files, and need it
to be set in order for the files within said directories to be
accessible. Without making the CT directories executable, the log list
file is not accessible. See
https://www.redhat.com/en/blog/linux-file-permissions-explained for more
details.

Test: atest NetworkSecurityUnitTests (also manually)
Bug: 319829948
Change-Id: I03c172e93dc3ecb50f69297ea47b2fdeb860048b

diff --git a/networksecurity/service/src/com/android/server/net/ct/DirectoryUtils.java b/networksecurity/service/src/com/android/server/net/ct/DirectoryUtils.java
index e3b4124..ba42a82 100644
--- a/networksecurity/service/src/com/android/server/net/ct/DirectoryUtils.java
+++ b/networksecurity/service/src/com/android/server/net/ct/DirectoryUtils.java

@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package com.android.server.net.ct;
 
 import android.annotation.SuppressLint;
@@ -29,16 +30,33 @@
             throw new IOException("Unable to make directory " + dir.getCanonicalPath());
         }
         setWorldReadable(dir);
+        // Needed for the log list file to be accessible.
+        setWorldExecutable(dir);
     }
 
     // CT files and directories are readable by all apps.
     @SuppressLint("SetWorldReadable")
     static void setWorldReadable(File file) throws IOException {
-        if (!file.setReadable(true, false)) {
+        if (!file.setReadable(/* readable= */ true, /* ownerOnly= */ false)) {
             throw new IOException("Failed to set " + file.getCanonicalPath() + " readable");
         }
     }
 
+    // CT directories are executable by all apps, to allow access to the log list by anything on the
+    // device.
+    static void setWorldExecutable(File file) throws IOException {
+        if (!file.isDirectory()) {
+            // Only directories need to be marked as executable to allow for access
+            // to the files inside.
+            // See https://www.redhat.com/en/blog/linux-file-permissions-explained for more details.
+            return;
+        }
+
+        if (!file.setExecutable(/* executable= */ true, /* ownerOnly= */ false)) {
+            throw new IOException("Failed to set " + file.getCanonicalPath() + " executable");
+        }
+    }
+
     static boolean removeDir(File dir) {
         return deleteContentsAndDir(dir);
     }