Avoid TOCTOU condition 89/199689/7 submit/tizen/20190215.060525
authorpr.jung <pr.jung@samsung.com>
Thu, 14 Feb 2019 05:27:01 +0000 (14:27 +0900)
committerpr.jung <pr.jung@samsung.com>
Fri, 15 Feb 2019 05:48:26 +0000 (14:48 +0900)
- chmod() didn't change the smack label of an already existing directory.
- remove() can't remove a non-empty directory

Change-Id: I801ecfaf5df86122fb553891598d7b27b43069e3
Signed-off-by: pr.jung <pr.jung@samsung.com>
src/block/block.c
src/shared/common.c
src/shared/storaged_common.h
src/storage/CMakeLists.txt
src/storage/storage.c

index 100e9cb4e5f166a1785c520d0fc84d9049ec9a43..0102eea83e8ade5c29cee2fd1a2ea6f42eaa2ece 100644 (file)
@@ -55,6 +55,7 @@
 #include "fd_handler.h"
 #include "utils.h"
 #include "apps.h"
+#include "storaged_common.h"
 
 /**
  * TODO  Assume root device is always mmcblk0*.
@@ -2026,6 +2027,7 @@ static int add_operation(struct block_device *bdev,
        op->invocation = invocation;
 
        /* Need to disble app2ext whenever unmounting mmc */
+       /* app2ext_disable_all_external_pkgs inside a critical section need to be avoided. */
        if (operation == BLOCK_DEV_UNMOUNT &&
                bdev->data->state == BLOCK_MOUNT &&
                bdev->data->block_type == BLOCK_MMC_DEV &&
@@ -3655,7 +3657,6 @@ static guint id_block_poweroff;
 
 static void block_init(void *data)
 {
-       struct stat buf;
        int ret;
        int i;
 
@@ -3700,41 +3701,19 @@ static void block_init(void *data)
                pthread_cond_init(&(th_manager[i].cond), NULL);
        }
 
-       ret = stat(EXTERNAL_STORAGE_PATH, &buf);
-       if (ret < 0) {
-               ret = mkdir(EXTERNAL_STORAGE_PATH, 0755);
-               if (ret < 0)
-                       _E("Failed to make directory: %d", errno);
-       } else if (!S_ISDIR(buf.st_mode)) {
-               ret = remove(EXTERNAL_STORAGE_PATH);
-               if (ret < 0)
-                       _E("Fail to remove %s. errno: %d", EXTERNAL_STORAGE_PATH, errno);
-               ret = mkdir(EXTERNAL_STORAGE_PATH, 0755);
-               if (ret < 0)
-                       _E("Failed to make directory: %d", errno);
-       } else {
-               ret = chmod(EXTERNAL_STORAGE_PATH, 0644);
-               if (ret < 0)
-                       _E("Fail to change permissions of a file");
-       }
+       ret = remove_directory(EXTERNAL_STORAGE_PATH);
+       if (ret < 0)
+               _E("Failed to remove directory");
+       ret = mkdir(EXTERNAL_STORAGE_PATH, 0755);
+       if (ret < 0)
+               _E("Failed to make directory: %d", errno);
 
-       ret = stat(EXTENDED_INTERNAL_PATH, &buf);
-       if (ret < 0) {
-               ret = mkdir(EXTENDED_INTERNAL_PATH, 0755);
-               if (ret < 0)
-                       _E("Failed to make directory: %d", errno);
-       } else if (!S_ISDIR(buf.st_mode)) {
-               ret = remove(EXTENDED_INTERNAL_PATH);
-               if (ret < 0)
-                       _E("Fail to remove %s. errno: %d", EXTENDED_INTERNAL_PATH, errno);
-               ret = mkdir(EXTENDED_INTERNAL_PATH, 0755);
-               if (ret < 0)
-                       _E("Failed to make directory: %d", errno);
-       } else {
-               ret = chmod(EXTENDED_INTERNAL_PATH, 0644);
-               if (ret < 0)
-                       _E("Fail to change permissions of a file");
-       }
+       ret = remove_directory(EXTENDED_INTERNAL_PATH);
+       if (ret < 0)
+               _E("Failed to remove directory");
+       ret = mkdir(EXTENDED_INTERNAL_PATH, 0755);
+       if (ret < 0)
+               _E("Failed to make directory: %d", errno);
 
        ret = get_internal_storage_number();
        if (ret < 0)
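Review bot: When `remove_directory()` fails in block_init the code only logs and goes on to `mkdir()`, which then fails with EEXIST, so whatever already sits at EXTERNAL_STORAGE_PATH or EXTENDED_INTERNAL_PATH (possibly a non-directory, or a directory with the mode and smack label this commit set out to replace) stays in use. The window between the removal and the `mkdir()` is narrower than the old stat/chmod sequence but not closed, so I would check the result after creation, for example `if (ret < 0 && errno == EEXIST) _E("%s still exists after removal", EXTERNAL_STORAGE_PATH);` followed by an `lstat()`/`S_ISDIR` check before the path is used. The log line `_E("Failed to remove directory")` should also name the path and the return value. Separately, the recursive delete now runs on every init; if anything can be mounted below these paths when the daemon restarts, that content would be removed, which the hunk does not let me rule out. The same remove-then-mkdir pattern is repeated in storage_init in src/storage/storage.c, and block_init begins and ends outside this hunk.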
index 76713ef7af8c76971aa33fa9756f78f17abd0115..97b263522fb77eca04f2301e2354361de989f850 100644 (file)
 #define MODEL_NAME      "http://tizen.org/system/model_name"
 #define MODEL_EMULATOR  "Emulator"
 
+static const char *rm_arg[] = {
+       "/usr/bin/rm",
+       "-rf", NULL, NULL,
+};
+
 bool is_emulator(void)
 {
        int ret;
@@ -142,3 +147,12 @@ int run_child(int argc, const char *argv[])
 
        return r;
 }
+
+int remove_directory(const char*path)
+{
+       int argc;
+
+       argc = ARRAY_SIZE(rm_arg);
+       rm_arg[argc - 2] = path;
+       return run_child(argc, rm_arg);
+}
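Review bot: `remove_directory()` writes the caller's path into the file-scope `rm_arg` array (added in the earlier hunk of this file) before spawning, so two threads calling it concurrently can overwrite each other's slot and remove the wrong path; block.c initialises pthread state, so concurrent callers look plausible, though none are visible here. A local argument vector avoids the shared state and fences the path off from option parsing: `const char *argv[] = { "/usr/bin/rm", "-rf", "--", path, NULL };` then `return run_child(ARRAY_SIZE(argv), argv);`, preceded by `if (!path || !*path) return -EINVAL;`. The function also deserves a comment stating that it recursively deletes the path via /usr/bin/rm and what the return value means. run_child's body is outside the hunk, so whether a non-zero exit status from rm comes back as a negative value, which is what the callers test with `ret < 0`, cannot be confirmed from here.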
index e0db5d471872b7b467b1f51e607a92e394f08ecf..f2baa39cdb7c8aa3d7198601d8f20a9cfca1d57b 100644 (file)
@@ -40,6 +40,7 @@
 
 int run_child(int argc, const char *argv[]);
 bool is_emulator(void);
+int remove_directory(const char* path);
 
 #endif /* __STORAGED_COMMON_H__ */
 
index d2a97ee3285ba5a6003a2ed4aa850a789b17616d..f6bcde070a5a6d2c30a3583637f32f21855af2b9 100644 (file)
@@ -24,6 +24,7 @@ INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/src/shared)
 FILE(GLOB ALL_SRCS "*.c")
 SET(SRCS ${ALL_SRCS})
 SET(SHARED_SRCS
+       ../shared/common.c
        ../shared/config-parser.c
        ../shared/fd_handler.c
 )
index 29a99605059574eda2e396ac20ea8d3cceac9980..d4bbcacdeb3f132d12e19637372140de9a5539eb 100644 (file)
@@ -37,6 +37,7 @@
 #include "log.h"
 #include "config-parser.h"
 #include "module-intf.h"
+#include "storaged_common.h"
 
 #define MEMORY_STATUS_TMP_PATH  "/tmp"
 #define MEMORY_STATUS_OPT_PATH  "/opt"
@@ -707,7 +708,6 @@ static void storage_config_load(struct storage_config_info *info)
 
 static void storage_init(void *data)
 {
-       struct stat buf;
        int ret;
 
        storage_config_load(&storage_internal_info);
@@ -728,41 +728,19 @@ static void storage_init(void *data)
        if (ret < 0)
                _E("Failed to register dbus interface and methods(%d)", ret);
 
-       ret = stat(STORAGED_DIR_PATH, &buf);
-       if (ret < 0) {
-               ret = mkdir(STORAGED_DIR_PATH, 0644);
-               if (ret < 0)
-                       _E("Failed to make directory: %d", errno);
-       } else if (!S_ISDIR(buf.st_mode)) {
-               ret = remove(STORAGED_DIR_PATH);
-               if (ret < 0)
-                       _E("Fail to remove %s. errno: %d", STORAGED_DIR_PATH, errno);
-               ret = mkdir(STORAGED_DIR_PATH, 0644);
-               if (ret < 0)
-                       _E("Failed to make directory: %d", errno);
-       } else {
-               ret = chmod(STORAGED_DIR_PATH, 0644);
-               if (ret < 0)
-                       _E("Fail to change permissions of a file");
-       }
+       ret = remove_directory(STORAGED_DIR_PATH);
+       if (ret < 0)
+               _E("Failed to remove directory");
+       ret = mkdir(STORAGED_DIR_PATH, 0644);
+       if (ret < 0)
+               _E("Failed to make directory: %d", errno);
 
-       ret = stat(NEED_CLEANUP_DIR_PATH, &buf);
-       if (ret < 0) {
-               ret = mkdir(NEED_CLEANUP_DIR_PATH, 0644);
-               if (ret < 0)
-                       _E("Failed to make directory: %d", errno);
-       } else if (!S_ISDIR(buf.st_mode)) {
-               ret = remove(NEED_CLEANUP_DIR_PATH);
-               if (ret < 0)
-                       _E("Fail to remove %s. errno: %d", NEED_CLEANUP_DIR_PATH, errno);
-               ret = mkdir(NEED_CLEANUP_DIR_PATH, 0644);
-               if (ret < 0)
-                       _E("Failed to make directory: %d", errno);
-       } else {
-               ret = chmod(NEED_CLEANUP_DIR_PATH, 0644);
-               if (ret < 0)
-                       _E("Fail to change permissions of a file");
-       }
+       ret = remove_directory(NEED_CLEANUP_DIR_PATH);
+       if (ret < 0)
+               _E("Failed to remove directory");
+       ret = mkdir(NEED_CLEANUP_DIR_PATH, 0644);
+       if (ret < 0)
+               _E("Failed to make directory: %d", errno);
 }
 
 static void storage_exit(void *data)
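Review bot: `mkdir(STORAGED_DIR_PATH, 0644)` and `mkdir(NEED_CLEANUP_DIR_PATH, 0644)` create directories without any search (execute) bit, so only a process that bypasses permission checks can enter them, whereas block_init in src/block/block.c uses 0755 for its directories. Now that the directory is always recreated rather than chmod-ed, the mode passed here is the one that takes effect (subject to umask), so it should be chosen deliberately, e.g. `ret = mkdir(STORAGED_DIR_PATH, 0755);`, or `0700` if only the daemon needs access. A failed `remove_directory()` is also only logged here, so the following `mkdir()` fails with EEXIST and the old directory, with its old mode and label, is kept. storage_init begins outside this hunk.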