From 5a1319ce573a9273404e2ded4bce1459008dd048 Mon Sep 17 00:00:00 2001
From: Narayan Kamath <narayan@google.com>
Date: Mon, 7 Nov 2016 19:59:29 +0000
Subject: Zygote: Additional whitelisting for legacy devices.

On M and below, we provide a blanket whitelist for all files under
"/vendor/zygote_whitelist". This path is whitelisted purely to allow
this patch to be applied easily on legacy devices and configurations.

Note that this does not amount to a loosening of our security policy
because whitelisted files are reopened anyway.

Bug: 32691930
Test: manual
Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99
(cherry picked from commit 5e2f7c6229d7191183888d685b57a7d0a2835fce)
---
 core/jni/fd_utils-inl.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/core/jni/fd_utils-inl.h b/core/jni/fd_utils-inl.h
index 30fccf8..6c4ca6b 100644
--- a/core/jni/fd_utils-inl.h
+++ b/core/jni/fd_utils-inl.h
@@ -302,6 +302,12 @@ class FileDescriptorInfo {
       return true;
     }
 
+    // All regular files that are placed under this path are whitelisted automatically.
+    static const std::string kZygoteWhitelistPath = "/vendor/zygote_whitelist/";
+    if (StartsWith(path, kZygoteWhitelistPath) && path.find("/../") == std::string::npos) {
+      return true;
+    }
+
     return false;
   }
 
-- 
cgit v1.1