commit 814640315a91ec9de43a34ef6b360540edbfb092
author Jeff Sharkey <jsharkey@android.com> Thu Jan 14 11:53:42 2016 -0700
committer Jeff Sharkey <jsharkey@android.com> Thu Jan 14 12:02:53 2016 -0700
tree 46023037d448d3e268d87f817889db667096d081
parent 27f961f93d2ca761998e00c75819fd4a2f066626

Be strict, but not that strict.

Certain apps decide that they want to chmod() their private data
directories to gain more security.  We still want to carefully
enforce owner UID/GID, but relax the mode check for now.

Bug: 26549892
Change-Id: I362d530ba0b20fb23f427ac082ee003864adc57d

libcutils/fs.c

diff --git a/libcutils/fs.c b/libcutils/fs.c
index 88c488c..5e2ef0b 100644
--- a/libcutils/fs.c
+++ b/libcutils/fs.c
@@ -55,13 +55,22 @@
         ALOGE("Not a directory: %s", path);
         return -1;
     }
-    if (((sb.st_mode & ALL_PERMS) == mode) && (sb.st_uid == uid) && (sb.st_gid == gid)) {
+    int owner_match = ((sb.st_uid == uid) && (sb.st_gid == gid));
+    int mode_match = ((sb.st_mode & ALL_PERMS) == mode);
+    if (owner_match && mode_match) {
         return 0;
     } else if (allow_fixup) {
         goto fixup;
     } else {
-        ALOGE("Path %s exists with unexpected permissions", path);
-        return -1;
+        if (!owner_match) {
+            ALOGE("Expected path %s with owner %d:%d but found %d:%d",
+                    path, uid, gid, sb.st_uid, sb.st_gid);
+            return -1;
+        } else {
+            ALOGW("Expected path %s with mode %o but found %o",
+                    path, mode, (sb.st_mode & ALL_PERMS));
+            return 0;
+        }
     }
 
 create: