Merge "Harden against invalid paths." into pi-dev

am: b9596e5feb Change-Id: Ic2648e92714b922d55ca4f7493a80a48a1d17c35
2019-01-10 07:57:03 -08:00
parent 4e850bbce3 b9596e5feb
commit daea01b53e
3 changed files with 46 additions and 6 deletions
--- a/services/core/java/com/android/server/slice/SliceClientPermissions.java
+++ b/services/core/java/com/android/server/slice/SliceClientPermissions.java
@@ -282,9 +282,12 @@ public class SliceClientPermissions implements DirtyTracker, Persistable {
        public synchronized void writeTo(XmlSerializer out) throws IOException {
            final int N = mPaths.size();
            for (int i = 0; i < N; i++) {
-                out.startTag(NAMESPACE, TAG_PATH);
-                out.text(encodeSegments(mPaths.valueAt(i)));
-                out.endTag(NAMESPACE, TAG_PATH);
+                final String[] segments = mPaths.valueAt(i);
+                if (segments != null) {
+                    out.startTag(NAMESPACE, TAG_PATH);
+                    out.text(encodeSegments(segments));
+                    out.endTag(NAMESPACE, TAG_PATH);
+                }
            }
        }

--- a/services/core/java/com/android/server/slice/SlicePermissionManager.java
+++ b/services/core/java/com/android/server/slice/SlicePermissionManager.java
@@ -315,7 +315,8 @@ public class SlicePermissionManager implements DirtyTracker {
        return new AtomicFile(new File(mSliceDir, fileName));
    }

-    private void handlePersist() {
+    @VisibleForTesting
+    void handlePersist() {
        synchronized (this) {
            for (Persistable persistable : mDirty) {
                AtomicFile file = getFile(persistable.getFileName());
@@ -335,7 +336,7 @@ public class SlicePermissionManager implements DirtyTracker {

                    out.flush();
                    file.finishWrite(stream);
-                } catch (IOException | XmlPullParserException e) {
+                } catch (IOException | XmlPullParserException | RuntimeException e) {
                    Slog.w(TAG, "Failed to save access file, restoring backup", e);
                    file.failWrite(stream);
                }
@@ -344,6 +345,12 @@ public class SlicePermissionManager implements DirtyTracker {
        }
    }

+    // use addPersistableDirty(); this is just for tests
+    @VisibleForTesting
+    void addDirtyImmediate(Persistable obj) {
+        mDirty.add(obj);
+    }
+
    private void handleRemove(PkgUser pkgUser) {
        getFile(SliceClientPermissions.getFileName(pkgUser)).delete();
        getFile(SliceProviderPermissions.getFileName(pkgUser)).delete();
--- a/services/tests/uiservicestests/src/com/android/server/slice/SlicePermissionManagerTest.java
+++ b/services/tests/uiservicestests/src/com/android/server/slice/SlicePermissionManagerTest.java
@@ -101,4 +101,34 @@ public class SlicePermissionManagerTest extends UiServiceTestCase {
        assertTrue(FileUtils.deleteContentsAndDir(sliceDir));
    }

-}
+    @Test
+    public void testInvalid() throws Exception {
+        File sliceDir = new File(mContext.getCacheDir(), "slices-test");
+        if (!sliceDir.exists()) {
+            sliceDir.mkdir();
+        }
+        SlicePermissionManager permissions = new SlicePermissionManager(mContext,
+                TestableLooper.get(this).getLooper(), sliceDir);
+
+        DirtyTracker.Persistable junk = new DirtyTracker.Persistable() {
+            @Override
+            public String getFileName() {
+                return "invalidData";
+            }
+
+            @Override
+            public void writeTo(XmlSerializer out) throws IOException {
+                throw new RuntimeException("this doesn't work");
+            }
+        };
+
+        // let's put something bad in here
+        permissions.addDirtyImmediate(junk);
+        // force a persist. if this throws, it would take down system_server
+        permissions.handlePersist();
+
+        // Cleanup.
+        assertTrue(FileUtils.deleteContentsAndDir(sliceDir));
+    }
+
+}