(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)
When the standard methods of creating files in the Android SDK are used, the output files are created with the following permissions:
-rw-rw-r--
The result is a file that is world readable but not world writable. If one were to instead create a file via the Native Development Kit (NDK) using the Java Native Interface (JNI) and rely on the default permissions, the result would be a new file with the following permissions:
-rw-rw-rw-
This file is both world readable and world writable. When native code creates a file, the process inherits the umask of the zygote process, which is set to 000, so no permission bits are masked off the requested mode. Such relaxed permissions can lead to security issues: any other application on the device that knows the file's location can corrupt its content, intentionally or otherwise [Oracle 2014].
Noncompliant Code Example
In this noncompliant code example, native C code creates a text file and writes to it. Because it relies on the inherited umask of 000, the new file is both world readable and world writable.

```c
#include <stdio.h>
/* Noncompliant: the inherited umask of 000 leaves the new file at 0666 (-rw-rw-rw-). */
FILE *fp = fopen("/data/data/com.mine.work/file.txt", "a");
if (fp == NULL) { /* handle error */ }
fprintf(fp, "Don't alter this content.\n");
fclose(fp);
```
Compliant Solution (Set Umask)
In this compliant solution, the developer forces the permissions of the created file to match those produced by the SDK by changing the process's umask with the umask() C library call before creating the file. Note that umask() is process-wide: it affects every file the process creates afterwards, not only this one.

```c
#include <stdio.h>
#include <sys/stat.h>
/* Mask off the "others write" bit: the file is created 0666 & ~002 = 0664 (-rw-rw-r--). */
umask(002);
FILE *fp = fopen("/data/data/com.mine.work/file.txt", "a");
if (fp == NULL) { /* handle error */ }
fprintf(fp, "Don't corrupt this content.\n");
fclose(fp);
```
Compliant Solution (Specify File Permissions)
In this compliant solution, the developer explicitly specifies the created file's permissions through the mode argument of the open() system call. The bits S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH correspond to 0664 (-rw-rw-r--), matching the SDK default. The kernel still clears any bits that are set in the process umask, so with the inherited umask of 000 the requested bits are applied exactly as written.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
const char *fn = "/data/data/com.mine.work/file.txt";
const char *content = "Don't corrupt this content.\n";
/* 0664: owner and group may read and write, others may only read */
int fd = open(fn, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
if (fd < 0) { /* handle error */ }
ssize_t err = write(fd, content, strlen(content));
close(fd);
```
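The following program is an added example, not part of this rule's text or of the Android SDK, that makes the effect of the umask observable on an ordinary POSIX system: it creates a file under a given umask and requested mode, reads back the permission bits the kernel actually applied with fstat(), and compares the noncompliant case (umask 000, the zygote default) with both compliant solutions. The scratch path /tmp/drd20_demo.txt and the helper names create_with_umask and is_world_writable are constructed for this example; on Android the file would live under the application's data directory.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example helper (not from the CERT rule). Creates `path` fresh while
   `mask` is the process umask and `requested` is the mode passed to open(),
   then reports the permission bits the kernel actually applied (via fstat).
   Returns the mode as an int (e.g. 0664) or -1 on error. The caller's umask
   is restored before returning. */
int create_with_umask(const char *path, mode_t mask, mode_t requested) {
    /* Remove any stale copy: O_CREAT does not change the mode of an existing file. */
    unlink(path);

    mode_t old = umask(mask);
    int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, requested);
    umask(old);
    if (fd < 0) {
        return -1;
    }

    struct stat st;
    int rc = fstat(fd, &st);
    close(fd);
    if (rc != 0) {
        return -1;
    }
    return (int)(st.st_mode & 0777);
}

/* True when "others" hold the write bit, i.e. the file is world writable. */
int is_world_writable(int mode) {
    return mode >= 0 && (mode & S_IWOTH) != 0;
}

int main(void) {
    /* Constructed scratch path for the demonstration. */
    const char *path = "/tmp/drd20_demo.txt";

    /* umask 000 mimics what native code inherits from zygote (noncompliant). */
    int noncompliant = create_with_umask(path, 0, 0666);
    /* Compliant solution 1: umask(002) before creating the file. */
    int via_umask = create_with_umask(path, 02, 0666);
    /* Compliant solution 2: explicit 0664 mode in open(), umask still 000. */
    int via_mode = create_with_umask(path, 0,
                                     S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);

    printf("umask 000, mode 0666 -> %04o (world writable: %s)\n", noncompliant,
           is_world_writable(noncompliant) ? "yes" : "no");
    printf("umask 002, mode 0666 -> %04o (world writable: %s)\n", via_umask,
           is_world_writable(via_umask) ? "yes" : "no");
    printf("umask 000, mode 0664 -> %04o (world writable: %s)\n", via_mode,
           is_world_writable(via_mode) ? "yes" : "no");

    unlink(path);
    return 0;
}
```

Running it prints 0666 for the noncompliant case and 0664 for both compliant cases, which is the same -rw-rw-r-- the SDK produces. The same fstat() check is a cheap way to assert, in a unit test, that native code never leaves a world-writable file behind.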
Exceptions
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DRD20-J | low | | | P | L |
Automated Detection
Related Guidelines
Bibliography
...