widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Set umask to ensure sensitive files are only accessible by owner.

Browse Source 
[Merge of http://go/wvgerrit/16626]
[Cherrypick from http://go/ag/858552 to nyc-dev branch]

Setting umask to ensure only owner can access sensitive files.
Fixes request_license_test which creates directories and files
accessible by group and others.

bug: 26567162
Change-Id: I63553ec9210f3a4c160cd4c4f2a49c9e0a4157db
This commit is contained in:
Edwin Wong
2016-02-02 18:13:14 -08:00
parent c7e92b68e6
commit fa4cb04a00
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
libwvdrmengine/cdm/src/file_store.cpp
View File

@@ -48,6 +48,8 @@ File::~File() {
bool File::Open(const std::string& name, int flags) { bool File::Open(const std::string& name, int flags) {
std::string open_flags; std::string open_flags;
// ensure only owners has access
mode_t old_mask = umask(077);
if (((flags & File::kTruncate) && Exists(name)) || if (((flags & File::kTruncate) && Exists(name)) ||
((flags & File::kCreate) && !Exists(name))) { ((flags & File::kCreate) && !Exists(name))) {
FILE* fp = fopen(name.c_str(), "w+"); FILE* fp = fopen(name.c_str(), "w+");
@@ -67,6 +69,7 @@ bool File::Open(const std::string& name, int flags) {
LOGW("File::Open: fopen failed: %d", errno); LOGW("File::Open: fopen failed: %d", errno);
} }
impl_->file_path_ = name; impl_->file_path_ = name;
umask(old_mask);
return impl_->file_ != NULL; return impl_->file_ != NULL;
} }
@@ -253,7 +256,7 @@ bool File::CreateDirectory(std::string path) {
size_t pos = path.find(kDirectoryDelimiter, 1); size_t pos = path.find(kDirectoryDelimiter, 1);
while (pos < size) { while (pos < size) {
path[pos] = '\0'; path[pos] = '\0';
if (mkdir(path.c_str(), 0775) != 0) { if (mkdir(path.c_str(), 0700) != 0) {
if (errno != EEXIST) { if (errno != EEXIST) {
LOGW("File::CreateDirectory: mkdir failed: %d\n", errno); LOGW("File::CreateDirectory: mkdir failed: %d\n", errno);
return false; return false;
@@ -264,7 +267,7 @@ bool File::CreateDirectory(std::string path) {
} }
if (path[size - 1] != kDirectoryDelimiter) { if (path[size - 1] != kDirectoryDelimiter) {
if (mkdir(path.c_str(), 0775) != 0) { if (mkdir(path.c_str(), 0700) != 0) {
if (errno != EEXIST) { if (errno != EEXIST) {
LOGW("File::CreateDirectory: mkdir failed: %d\n", errno); LOGW("File::CreateDirectory: mkdir failed: %d\n", errno);
return false; return false;