author | Narayan Kamath <narayan@google.com> | 2016-11-07 19:59:29 +0000 |
---|---|---|
committer | android-merger <android-merger@vpba3.mtv.corp.google.com> | 2017-01-03 16:17:44 -0800 |
commit | 7f0c2c8a9cf9bda249cb79841a7b0eefd0e657b4 (patch) | |
tree | e55eba307d2a6a5d447192d325c37c345f9d9030 | |
parent | f5224258edd6588046b987bd8484df2c100baadc (diff) | |
download | base-7f0c2c8a9cf9bda249cb79841a7b0eefd0e657b4.tar.gz |

Zygote: Additional whitelisting for legacy devices.

On M and below, we provide a blanket whitelist for all files under
"/vendor/zygote_whitelist". This path is whitelisted purely to allow
this patch to be applied easily on legacy devices and configurations.

Note that this does not amount to a loosening of our security policy
because whitelisted files are reopened anyway.

Bug: 32691930
Test: manual
Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99
(cherry picked from commit 5e2f7c6229d7191183888d685b57a7d0a2835fce)

-rw-r--r-- | core/jni/fd_utils-inl.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/core/jni/fd_utils-inl.h b/core/jni/fd_utils-inl.h index 3f91feb254d7..d1129a3ef593 100644 --- a/core/jni/fd_utils-inl.h +++ b/core/jni/fd_utils-inl.h @@ -293,6 +293,12 @@ class FileDescriptorInfo { return true; } + // All regular files that are placed under this path are whitelisted automatically. + static const std::string kZygoteWhitelistPath = "/vendor/zygote_whitelist/"; + if (StartsWith(path, kZygoteWhitelistPath) && path.find("/../") == std::string::npos) { + return true; + } + return false; } |
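
Review bot: The traversal guard in the new condition, `path.find("/../") == std::string::npos`, is a substring test on the raw string, so it only covers a `..` component that is followed by another slash; a path that ends in `/..` passes, and nothing in these lines shows whether `path` has already been canonicalized or whether symlinks under the directory have been resolved. If the caller guarantees a canonical path, please say so in the comment above `kZygoteWhitelistPath`; otherwise compare against a resolved path before the `StartsWith` check. The comment also says "All regular files", but the condition itself checks only the prefix, so it would help to point at where the file type is enforced. Finally, the commit message limits this to M and below and to legacy configurations, and the code comment should carry that rationale too, so the blanket entry is not mistaken for a general-purpose allowlist by later readers.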