Allow apk path to contain one subdirectory.

In the current directory layout this prevented rm_dex and move_dex commands to validate the apk path and thus cleaning up resources. Bug: 16888084 (cherry picked from commit fd88ff2edd) Change-Id: I1002529b0c35852c67540d3165d1444523460592
2014-08-15 15:45:51 +01:00 · 2014-08-15 15:45:51 +01:00 · 9d76156266
commit 9d76156266
parent efc0b35fbd
2 changed files with 27 additions and 26 deletions
--- a/cmds/installd/tests/installd_utils_test.cpp
+++ b/cmds/installd/tests/installd_utils_test.cpp
@ -101,6 +101,11 @@ TEST_F(UtilsTest, IsValidApkPath_Internal) {
    EXPECT_EQ(0, validate_apk_path(internal1))
            << internal1 << " should be allowed as a valid path";

+    // b/16888084
+    const char *path2 = TEST_APP_DIR "example.com/example.apk";
+    EXPECT_EQ(0, validate_apk_path(path2))
+            << path2 << " should be allowed as a valid path";
+
    const char *badint1 = TEST_APP_DIR "../example.apk";
    EXPECT_EQ(-1, validate_apk_path(badint1))
            << badint1 << " should be rejected as a invalid path";
@ -109,9 +114,10 @@ TEST_F(UtilsTest, IsValidApkPath_Internal) {
    EXPECT_EQ(-1, validate_apk_path(badint2))
            << badint2 << " should be rejected as a invalid path";

-    const char *badint3 = TEST_APP_DIR "example.com/pkg.apk";
-    EXPECT_EQ(-1, validate_apk_path(badint3))
-            << badint3 << " should be rejected as a invalid path";
+    // Only one subdir should be allowed.
+    const char *bad_path3 = TEST_APP_DIR "example.com/subdir/pkg.apk";
+    EXPECT_EQ(-1, validate_apk_path(bad_path3))
+            << bad_path3 << " should be rejected as a invalid path";
 }

 TEST_F(UtilsTest, IsValidApkPath_Private) {
@ -120,6 +126,11 @@ TEST_F(UtilsTest, IsValidApkPath_Private) {
    EXPECT_EQ(0, validate_apk_path(private1))
            << private1 << " should be allowed as a valid path";

+    // b/16888084
+    const char *path2 = TEST_APP_DIR "example.com/example.apk";
+    EXPECT_EQ(0, validate_apk_path(path2))
+            << path2 << " should be allowed as a valid path";
+
    const char *badpriv1 = TEST_APP_PRIVATE_DIR "../example.apk";
    EXPECT_EQ(-1, validate_apk_path(badpriv1))
            << badpriv1 << " should be rejected as a invalid path";
@ -128,9 +139,10 @@ TEST_F(UtilsTest, IsValidApkPath_Private) {
    EXPECT_EQ(-1, validate_apk_path(badpriv2))
            << badpriv2 << " should be rejected as a invalid path";

-    const char *badpriv3 = TEST_APP_PRIVATE_DIR "example.com/pkg.apk";
-    EXPECT_EQ(-1, validate_apk_path(badpriv3))
-            << badpriv3 << " should be rejected as a invalid path";
+    // Only one subdir should be allowed.
+    const char *bad_path3 = TEST_APP_PRIVATE_DIR "example.com/subdir/pkg.apk";
+    EXPECT_EQ(-1, validate_apk_path(bad_path3))
+            << bad_path3 << " should be rejected as a invalid path";
 }


--- a/cmds/installd/utils.c
+++ b/cmds/installd/utils.c
@ -914,16 +914,13 @@ int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) {
 }

 /**
- * Check whether path points to a valid path for an APK file. An ASEC
- * directory is allowed to have one level of subdirectory names. Returns -1
- * when an invalid path is encountered and 0 when a valid path is encountered.
+ * Check whether path points to a valid path for an APK file. Only one level of
+ * subdirectory names is allowed. Returns -1 when an invalid path is encountered
+ * and 0 when a valid path is encountered.
 */
 int validate_apk_path(const char *path)
 {
-    int allowsubdir = 0;
-    char *subdir = NULL;
    size_t dir_len;
-    size_t path_len;

    if (!strncmp(path, android_app_dir.path, android_app_dir.len)) {
        dir_len = android_app_dir.len;
@ -931,32 +928,24 @@ int validate_apk_path(const char *path)
        dir_len = android_app_private_dir.len;
    } else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) {
        dir_len = android_asec_dir.len;
-        allowsubdir = 1;
    } else {
        ALOGE("invalid apk path '%s' (bad prefix)\n", path);
        return -1;
    }

-    path_len = strlen(path);
+    const char* subdir = strchr(path + dir_len, '/');

-    /*
-     * Only allow the path to have a subdirectory if it's been marked as being allowed.
-     */
-    if ((subdir = strchr(path + dir_len, '/')) != NULL) {
+    // Only allow the path to have at most one subdirectory.
+    if (subdir != NULL) {
        ++subdir;
-        if (!allowsubdir
-                || (path_len > (size_t) (subdir - path) && (strchr(subdir, '/') != NULL))) {
+        if (strchr(subdir, '/') != NULL) {
            ALOGE("invalid apk path '%s' (subdir?)\n", path);
            return -1;
        }
    }

-    /*
-     *  Directories can't have a period directly after the directory markers
-     *  to prevent ".."
-     */
-    if (path[dir_len] == '.'
-            || (subdir != NULL && ((*subdir == '.') || (strchr(subdir, '/') != NULL)))) {
+    // Directories can't have a period directly after the directory markers to prevent "..".
+    if ((path[dir_len] == '.') || ((subdir != NULL) && (*subdir == '.'))) {
        ALOGE("invalid apk path '%s' (trickery)\n", path);
        return -1;
    }