author | android-build-team Robot <android-build-team-robot@google.com> | 2017-09-24 07:41:06 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2017-09-24 07:41:06 +0000 |
commit | cb26c62ae5030c0f1b96e34edc4e06dbff8a34ad (patch) | |
tree | 51d071ce6316fc92c2ababeaa3eb793bce05fe6a | |
parent | 71c4f1677847056d8ab809728365bee35b8d1e20 (diff) | |
parent | 52cd1e7a4202799d71f2400381e94307599aef5b (diff) | |
download | bionic-cb26c62ae5030c0f1b96e34edc4e06dbff8a34ad.tar.gz |
release-request-2950741e-0b24-4d70-b748-67bb2b5435b5-for-git_oc-mr1-release-4357583 snap-temp-L55500000105655441
Change-Id: I1d41b3558d9c890e9ef209a0365b42b47ced51c5
-rw-r--r-- | linker/linker_config.cpp | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/linker/linker_config.cpp b/linker/linker_config.cpp
index 0a9aeab2a..e036c05d9 100644
--- a/linker/linker_config.cpp
+++ b/linker/linker_config.cpp
@@ -320,7 +320,7 @@ class Properties {
 return (it == properties_.end()) ? "" : it->second.value();
 }
- std::vector<std::string> get_paths(const std::string& name, size_t* lineno = nullptr) {
+ std::vector<std::string> get_paths(const std::string& name, bool resolve, size_t* lineno = nullptr) {
 std::string paths_str = get_string(name, lineno);
 std::vector<std::string> paths;
@@ -338,12 +338,16 @@ class Properties {
 format_string(&path, params);
 }
- std::vector<std::string> resolved_paths;
+ if (resolve) {
+ std::vector<std::string> resolved_paths;
- // do not remove paths that do not exist
- resolve_paths(paths, &resolved_paths);
+ // do not remove paths that do not exist
+ resolve_paths(paths, &resolved_paths);
- return resolved_paths;
+ return resolved_paths;
+ } else {
+ return paths;
+ }
 }
 void set_target_sdk_version(int target_sdk_version) {
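Review bot: The new `bool resolve` parameter of `get_paths` is placed ahead of the defaulted `size_t* lineno`, so a caller that passed the line-number pointer as its second positional argument would still compile, with the pointer converting implicitly to `true` and `lineno` silently falling back to `nullptr`. Only the two call sites in `read_binary_config` are visible in this diff, so any other callers should be checked by hand. A two-value enum would turn that mistake into a compile error and make the call sites self-describing, for example `enum class PathMode { kAsWritten, kResolved };` in place of the bare `true`/`false`.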
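Review bot: `get_paths` carries no comment saying what `resolve == false` returns, and the surviving `// do not remove paths that do not exist` now describes only one of the two branches. I would add above the function `// resolve: when true, return the paths after resolve_paths(); when false, return the entries as configured (after format_string), with no canonicalization.` The `else` after `return resolved_paths;` is also redundant; an early `if (!resolve) return paths;` ahead of the resolving code reads flatter. The function body starts outside this hunk.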
@@ -465,8 +469,18 @@ bool Config::read_binary_config(const char* ld_config_file_path,
 property_name_prefix += ".asan";
 }
- ns_config->set_search_paths(properties.get_paths(property_name_prefix + ".search.paths"));
- ns_config->set_permitted_paths(properties.get_paths(property_name_prefix + ".permitted.paths"));
+ // search paths are resolved (canonicalized). This is required mainly for
+ // the case when /vendor is a symlink to /system/vendor, which is true for
+ // non Treble-ized legacy devices.
+ ns_config->set_search_paths(properties.get_paths(property_name_prefix + ".search.paths", true));
+ // However, for permitted paths, we are not required to resolve the paths
+ // since they are only set for isolated namespaces, which implies the device
+ // is Treble-ized (= /vendor is not a symlink to /system/vendor).
+ // In fact, the resolving is causing an unexpected side effect of selinux
+ // denials on some executables which are not allowed to access some of the
+ // permitted paths.
+ ns_config->set_permitted_paths(properties.get_paths(property_name_prefix + ".permitted.paths", false));
 }
 failure_guard.Disable(); |
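Review bot: With `.permitted.paths` now fetched with `false`, the entries that define an isolated namespace's access boundary are taken exactly as written in the config file, and the justification (isolated implies Treble-ized, so /vendor is not a symlink) exists only in the comment; nothing in this hunk checks it. If the code that later compares a library's path against the permitted list (not visible here) works on resolved file paths, an entry containing a symlink component or `..` would presumably stop matching, which fails closed but is hard to diagnose. I would extend the comment with `// NOTE: permitted paths are not canonicalized by the linker, so the config file must list them in canonical form.` and consider logging a warning when an entry is not already lexically normal. `read_binary_config` begins and ends outside the hunk.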