...
The result is a file that is world readable but not writable. If one were to instead create a file via the native development kit using the Java Native Interface and relied on the default permissions, the result would be a new file with the following permissions:
...
```c
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The mode is passed explicitly: rw for owner and group, read-only for others. */
const char * fn = "/data/data/com.mine.work/file.txt";
const char * content = "Don't corrupt this content.\n";
int fd = open(fn, O_CREAT|O_RDWR, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
ssize_t err = write(fd, content, strlen(content));
close(fd);
```
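As an added example (not code from the original page), the following contrasts a file created with default permissions through `fopen()` with one created owner-only and checked with `fstat()` before any data is written. The function names, the `/tmp` paths and the process umask of 0 are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an existing file, or (mode_t)-1 on error. */
mode_t file_mode(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return (mode_t)-1;
    return st.st_mode & 07777;
}

/* Default behaviour: fopen() requests 0666 and only the umask narrows it. */
int create_default(const char *path, const char *content) {
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    int rc = (fputs(content, f) == EOF) ? -1 : 0;
    if (fclose(f) != 0) rc = -1;
    return rc;
}

/* Explicit behaviour: owner read/write only, verified before writing. */
int create_private(const char *path, const char *content) {
    /* O_EXCL: open() ignores the mode for a file that already exists. */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
    if (fd < 0) return -1;
    struct stat st;
    size_t len = strlen(content);
    int rc = -1;
    if (fstat(fd, &st) == 0 && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0 &&
        write(fd, content, len) == (ssize_t)len)
        rc = 0;
    if (close(fd) != 0) rc = -1;
    if (rc != 0) unlink(path);  /* do not leave a partial file behind */
    return rc;
}

int main(void) {
    const char *a = "/tmp/drd20_default.txt";  /* constructed paths */
    const char *b = "/tmp/drd20_private.txt";
    unlink(a); unlink(b);
    umask(0);  /* assumption: umask 0, so the defaults are not narrowed */
    create_default(a, "x\n");
    create_private(b, "x\n");
    printf("default: %04o  private: %04o\n",
           (unsigned)file_mode(a), (unsigned)file_mode(b));
    unlink(a); unlink(b);
    return 0;
}
```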
Risk Assessment
Allowing the default permissions when a file is created in native code may allow sensitive data to be revealed or corrupted.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DRD20-J | High | Probable | Medium | P12 | L1 |
Automated Detection
Calls to the functions that create files can be detected automatically, but it is not feasible to automatically check that file permissions have been applied appropriately.
Related Guidelines
Bibliography
...