[vold] Check incremental paths before mounting Vold was trusting system_server too much and allowed for pretty much any path in mount()/bindMount() calls for incremental. This CL adds validation to make sure it's only accessing own directories. This includes enforcing no symlinks in the paths Ignore-AOSP-First: security fix Bug: 198657657 Test: manual Change-Id: I6035447f94ef44c4ae3294c3ae47de2d7210683a

commit: 090ae07bc2eb5c053825ea3f1e98be39e50d54bd [log] [tgz]
author: Yurii Zubrytskyi <zyy@google.com> Mon Oct 18 22:33:15 2021 -0700
committer: Yurii Zubrytskyi <zyy@google.com> Tue Nov 02 11:20:39 2021 -0700
tree: 26f49f8c279f680d080eaf5a3634473238052a16
parent: 40a76662aebde227e98509c6f6143950089c10f3 [diff] [blame]
diff --git a/VoldNativeServiceValidation.h b/VoldNativeServiceValidation.h
index d2fc9e0..7fcb738 100644
--- a/VoldNativeServiceValidation.h
+++ b/VoldNativeServiceValidation.h

@@ -34,4 +34,9 @@
 binder::Status CheckArgumentPath(const std::string& path);
 binder::Status CheckArgumentHex(const std::string& hex);
 
+// Incremental service is only allowed to touch its own directory, and the installed apps dir.
+// This function ensures the caller isn't doing anything tricky.
+enum class IncrementalPathKind { MountSource, MountTarget, Bind, Any };
+binder::Status CheckIncrementalPath(IncrementalPathKind kind, const std::string& path);
+
 }  // namespace android::vold
commit	090ae07bc2eb5c053825ea3f1e98be39e50d54bd	[log] [tgz]
author	Yurii Zubrytskyi <zyy@google.com>	Mon Oct 18 22:33:15 2021 -0700
committer	Yurii Zubrytskyi <zyy@google.com>	Tue Nov 02 11:20:39 2021 -0700
tree	26f49f8c279f680d080eaf5a3634473238052a16
parent	40a76662aebde227e98509c6f6143950089c10f3 [diff] [blame]