authorNarayan Kamath <narayan@google.com>2016-11-07 19:59:29 +0000
committerChristopher R. Palmer <crpalmer@gmail.com>2017-02-03 20:27:33 -0500
commit5a1319ce573a9273404e2ded4bce1459008dd048 (patch)
tree781450651dbf6cb6ef3b63982d342a508245ebea
parentbe484200b616e4eee4a8a8f10e663f9306df0b3a (diff)
Zygote: Additional whitelisting for legacy devices.
On M and below, we provide a blanket whitelist for all files under "/vendor/zygote_whitelist". This path is whitelisted purely to allow this patch to be applied easily on legacy devices and configurations. Note that this does not amount to a loosening of our security policy because whitelisted files are reopened anyway. Bug: 32691930 Test: manual Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99 (cherry picked from commit 5e2f7c6229d7191183888d685b57a7d0a2835fce)
-rw-r--r--core/jni/fd_utils-inl.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/core/jni/fd_utils-inl.h b/core/jni/fd_utils-inl.h
index 30fccf8..6c4ca6b 100644
--- a/core/jni/fd_utils-inl.h
+++ b/core/jni/fd_utils-inl.h
@@ -302,6 +302,12 @@ class FileDescriptorInfo {
return true;
}
+ // All regular files that are placed under this path are whitelisted automatically.
+ static const std::string kZygoteWhitelistPath = "/vendor/zygote_whitelist/";
+ if (StartsWith(path, kZygoteWhitelistPath) && path.find("/../") == std::string::npos) {
+ return true;
+ }
+
return false;
}
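Review bot: The new blanket rule, `StartsWith(path, kZygoteWhitelistPath) && path.find("/../") == std::string::npos`, is a purely lexical test, and the added comment does not say what it relies on. The enclosing function starts outside this hunk, so it is not visible whether `path` has already been resolved (for example a symlink placed under the directory) or whether the "regular files" condition in the comment is enforced before this point. Since the rule trusts everything under one directory, I would state those assumptions next to it, for example `// Lexical prefix match only: assumes path is the already-resolved fd target and that /vendor/zygote_whitelist/ is writable only by the vendor image; "/../" is rejected so a path cannot climb back out of the directory.` As a smaller style point, the function-local `static const std::string` pays a guarded initialisation on first call; a `static const char kZygoteWhitelistPath[] = "/vendor/zygote_whitelist/";` would avoid it, provided `StartsWith` accepts a C string, which this hunk does not show.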