Zygote: Additional whitelisting for legacy devices.

On M and below, we provide a blanket whitelist for all files under "/vendor/zygote_whitelist". This path is whitelisted purely to allow this patch to be applied easily on legacy devices and configurations. Note that this does not amount to a loosening of our security policy because whitelisted files are reopened anyway. Bug: 32691930 Test: manual Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99 (cherry picked from commit 5e2f7c6229d7191183888d685b57a7d0a2835fce)

Zygote: Additional whitelisting for legacy devices.
On M and below, we provide a blanket whitelist for all files under "/vendor/zygote_whitelist". This path is whitelisted purely to allow this patch to be applied easily on legacy devices and configurations. Note that this does not amount to a loosening of our security policy because whitelisted files are reopened anyway. Bug: 32691930 Test: manual Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99 (cherry picked from commit 5e2f7c6229d7191183888d685b57a7d0a2835fce)
43438dab · Narayan Kamath · gitbuildkicker · a2aab2d0 · 43438dab
Commit 43438dab authored 8 years ago by Narayan Kamath Committed by gitbuildkicker 8 years ago
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

core/jni/fd_utils-inl.h core/jni/fd_utils-inl.h +6 -0

No files found.
--- a/core/jni/fd_utils-inl.h
+++ b/core/jni/fd_utils-inl.h
@@ -294,6 +294,12 @@ class FileDescriptorInfo {
      return true;
    }

+    // All regular files that are placed under this path are whitelisted automatically.
+    static const std::string kZygoteWhitelistPath = "/vendor/zygote_whitelist/";
+    if (StartsWith(path, kZygoteWhitelistPath) && path.find("/../") == std::string::npos) {
+      return true;
+    }
+
    return false;
  }