Be strict, but not that strict.
Certain apps decide that they want to chmod() their private data
directories to gain more security. We still want to carefully
enforce owner UID/GID, but relax the mode check for now.
Bug: 26549892
Change-Id: I362d530ba0b20fb23f427ac082ee003864adc57d
diff --git a/include/cutils/fs.h b/include/cutils/fs.h
index 98c1296..be9e819 100644
--- a/include/cutils/fs.h
+++ b/include/cutils/fs.h
@@ -47,7 +47,7 @@
/*
* Ensure that directory exists with given mode and owners. If it exists
- * with a different mode or owners, they are not fixed and -1 is returned.
+ * with different owners, they are not fixed and -1 is returned.
*/
extern int fs_prepare_dir_strict(const char* path, mode_t mode, uid_t uid, gid_t gid);
diff --git a/libcutils/fs.c b/libcutils/fs.c
index 88c488c..5e2ef0b 100644
--- a/libcutils/fs.c
+++ b/libcutils/fs.c
@@ -55,13 +55,22 @@
ALOGE("Not a directory: %s", path);
return -1;
}
- if (((sb.st_mode & ALL_PERMS) == mode) && (sb.st_uid == uid) && (sb.st_gid == gid)) {
+ int owner_match = ((sb.st_uid == uid) && (sb.st_gid == gid));
+ int mode_match = ((sb.st_mode & ALL_PERMS) == mode);
+ if (owner_match && mode_match) {
return 0;
} else if (allow_fixup) {
goto fixup;
} else {
- ALOGE("Path %s exists with unexpected permissions", path);
- return -1;
+ if (!owner_match) {
+ ALOGE("Expected path %s with owner %d:%d but found %d:%d",
+ path, uid, gid, sb.st_uid, sb.st_gid);
+ return -1;
+ } else {
+ ALOGW("Expected path %s with mode %o but found %o",
+ path, mode, (sb.st_mode & ALL_PERMS));
+ return 0;
+ }
}
create: