Delete target directory before running odrefresh
This allows it to re-create the directory and files when it runs.
Bug: 210460516
Test: composd_cmd async-odrefresh
Change-Id: I1e5a100f0d68d0266c9af9d681e243dd5bdb0556
diff --git a/compos/composd/src/odrefresh_task.rs b/compos/composd/src/odrefresh_task.rs
index 9b70248..bcdf2f4 100644
--- a/compos/composd/src/odrefresh_task.rs
+++ b/compos/composd/src/odrefresh_task.rs
@@ -22,12 +22,12 @@
ICompilationTask::ICompilationTask, ICompilationTaskCallback::ICompilationTaskCallback,
};
use android_system_composd::binder::{Interface, Result as BinderResult, Strong};
-use anyhow::{bail, Context, Result};
+use anyhow::{anyhow, bail, Context, Result};
use compos_aidl_interface::aidl::com::android::compos::ICompOsService::ICompOsService;
use compos_common::odrefresh::ExitCode;
use log::{error, warn};
use rustutils::system_properties;
-use std::fs::{File, OpenOptions};
+use std::fs::{remove_dir_all, File, OpenOptions};
use std::os::unix::fs::OpenOptionsExt;
use std::os::unix::io::AsRawFd;
use std::path::Path;
@@ -107,9 +107,17 @@
}
fn run_in_vm(service: Strong<dyn ICompOsService>, target_dir_name: &str) -> Result<ExitCode> {
+ let output_root = Path::new(ART_APEX_DATA);
+
+ // We need to remove the target directory because odrefresh running in compos will create it
+ // (and can't see the existing one, since authfs doesn't show it existing files in an output
+ // directory).
+ let target_path = output_root.join(target_dir_name);
+ remove_dir_all(&target_path).with_context(|| anyhow!("Deleting {}", target_path.display()))?;
+
let staging_dir = open_dir(composd_native::palette_create_odrefresh_staging_directory()?)?;
let system_dir = open_dir(Path::new("/system"))?;
- let output_dir = open_dir(Path::new(ART_APEX_DATA))?;
+ let output_dir = open_dir(output_root)?;
// Spawn a fd_server to serve the FDs.
let fd_server_config = FdServerConfig {
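Review bot: `target_dir_name` is joined onto `output_root` and passed to `remove_dir_all` with no validation in this function, so unless callers outside this hunk already restrict it, an absolute name, `..`, or a name containing a separator would make composd recursively delete a directory other than the intended one. The separator check this commit adds is in compos/src/compilation.rs, and nothing in this diff shows it running before this delete. Separately, `remove_dir_all` returns an error when the path does not exist, so a run with no previous target directory would fail here instead of proceeding. I would require the name to be a single normal path component and treat `NotFound` as success, as sketched below; `format!` would also match the context style used in artifact_signer.rs. `run_in_vm` continues past the end of the hunk.

```rust
let output_root = Path::new(ART_APEX_DATA);

// Only a single plain directory name may be deleted under output_root.
let mut parts = Path::new(target_dir_name).components();
if !matches!((parts.next(), parts.next()), (Some(std::path::Component::Normal(_)), None)) {
    bail!("Invalid target directory {}", target_dir_name);
}
let target_path = output_root.join(target_dir_name);
match remove_dir_all(&target_path) {
    Ok(()) => {}
    // Nothing to delete when no earlier run left a directory behind.
    Err(e) if e.kind() == std::io::ErrorKind::NotFound => {}
    Err(e) => return Err(e).with_context(|| format!("Deleting {}", target_path.display())),
}
// … unchanged: open_dir calls and fd_server setup …
```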
diff --git a/compos/src/artifact_signer.rs b/compos/src/artifact_signer.rs
index ce32d6b..a4b47d6 100644
--- a/compos/src/artifact_signer.rs
+++ b/compos/src/artifact_signer.rs
@@ -70,13 +70,15 @@
let signature = signer.sign(&bytes)?;
- let mut file = File::create(info_path)?;
+ let mut file =
+ File::create(info_path).with_context(|| format!("Creating {}", info_path.display()))?;
file.write_all(&bytes)?;
let mut signature_name = info_path.file_name().unwrap().to_owned();
signature_name.push(SIGNATURE_EXTENSION);
let signature_path = info_path.with_file_name(&signature_name);
- let mut signature_file = File::create(&signature_path)?;
+ let mut signature_file = File::create(&signature_path)
+ .with_context(|| format!("Creating {}", signature_path.display()))?;
signature_file.write_all(&signature)?;
Ok(())
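Review bot: The two `write_all` calls still propagate bare I/O errors, so a failed write to the info or signature file is reported without the path that the new `File::create` context provides. For consistency I would add the same context there, e.g. `file.write_all(&bytes).with_context(|| format!("Writing {}", info_path.display()))?;` and the equivalent for `signature_file`. The unchanged `info_path.file_name().unwrap()` will also panic for a path with no final component; returning an error would be safer in a signing path. The enclosing function starts above this hunk.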
diff --git a/compos/src/compilation.rs b/compos/src/compilation.rs
index cf6f30a..7eaae5d 100644
--- a/compos/src/compilation.rs
+++ b/compos/src/compilation.rs
@@ -20,7 +20,7 @@
use std::env;
use std::fs::{read_dir, File};
use std::os::unix::io::{AsRawFd, RawFd};
-use std::path::{Path, PathBuf};
+use std::path::{self, Path, PathBuf};
use crate::artifact_signer::ArtifactSigner;
use crate::compos_key_service::Signer;
@@ -83,6 +83,11 @@
if zygote_arch != "zygote64" && zygote_arch != "zygote64_32" {
bail!("Invalid zygote arch");
}
+ // Disallow any sort of path traversal
+ if target_dir_name.contains(path::MAIN_SEPARATOR) {
+ bail!("Invalid target directory {}", target_dir_name);
+ }
+
Ok(Self { system_dir_fd, output_dir_fd, staging_dir_fd, target_dir_name, zygote_arch })
}
}
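Review bot: The new check rejects only names that contain `path::MAIN_SEPARATOR`, so `..`, `.` and the empty string still pass even though the comment says it disallows any sort of path traversal. `..` joined to the output directory resolves to its parent, and an empty name resolves to the output directory itself. I would tighten the condition to `if target_dir_name.is_empty() || target_dir_name == "." || target_dir_name == ".." || target_dir_name.contains(path::MAIN_SEPARATOR) {`, or compare against a single `path::Component::Normal`. The constructor begins above this hunk, so any earlier validation is not visible here.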