diff options
| author | 2016-09-23 09:07:11 +0100 | |
|---|---|---|
| committer | 2017-01-10 11:16:31 -0800 | |
| commit | 0ff7ef60f504410cd9b704da31bcff80400a0019 (patch) | |
| tree | 9c7e8ac4cdbe57389e175556798df5edaa58eefe | |
| parent | 6a9ad14172619b7d61a5119d7f95e613d890f603 (diff) | |
Zygote: Additional whitelists for runtime overlay / other static resources.
Partially cherry picked from commit 1c15c635785c64a.
These files are safe to reopen for the same reason that files in
/system/framework are. They're regular files and will not change after
the first zygote fork.
(cherry picked from commit 25cd01cc69fcad34756b00e52a79c0c54178f2e6)
Bug: 32618130
Test: m
Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
| -rw-r--r-- | core/jni/fd_utils-inl.h | 45 |
1 files changed, 30 insertions, 15 deletions
diff --git a/core/jni/fd_utils-inl.h b/core/jni/fd_utils-inl.h index b78b8ffa2d5d..1a041f3b0c42 100644 --- a/core/jni/fd_utils-inl.h +++ b/core/jni/fd_utils-inl.h @@ -241,6 +241,18 @@ class FileDescriptorInfo { is_sock(false) { } + static bool StartsWith(const std::string& str, const std::string& prefix) { + return str.compare(0, prefix.size(), prefix) == 0; + } + + static bool EndsWith(const std::string& str, const std::string& suffix) { + if (suffix.size() > str.size()) { + return false; + } + + return str.compare(str.size() - suffix.size(), suffix.size(), suffix) == 0; + } + // Returns true iff. a given path is whitelisted. A path is whitelisted // if it belongs to the whitelist (see kPathWhitelist) or if it's a path // under /system/framework that ends with ".jar" or if it is a system @@ -252,31 +264,34 @@ class FileDescriptorInfo { } } - static const char* kFrameworksPrefix = "/system/framework/"; - static const char* kJarSuffix = ".jar"; - if (android::base::StartsWith(path, kFrameworksPrefix) - && android::base::EndsWith(path, kJarSuffix)) { + static const std::string kFrameworksPrefix = "/system/framework/"; + static const std::string kJarSuffix = ".jar"; + if (StartsWith(path, kFrameworksPrefix) && EndsWith(path, kJarSuffix)) { return true; } // Whitelist files needed for Runtime Resource Overlay, like these: // /system/vendor/overlay/framework-res.apk - // /system/vendor/overlay/PG/android-framework-runtime-resource-overlay.apk + // /system/vendor/overlay-subdir/pg/framework-res.apk // /data/resource-cache/system@vendor@overlay@framework-res.apk@idmap - // /data/resource-cache/system@vendor@overlay@PG@framework-res.apk@idmap - static const char* kOverlayDir = "/system/vendor/overlay/"; - static const char* kApkSuffix = ".apk"; - - if (android::base::StartsWith(path, kOverlayDir) - && android::base::EndsWith(path, kApkSuffix) + // /data/resource-cache/system@vendor@overlay-subdir@pg@framework-res.apk@idmap + // See AssetManager.cpp for more details on overlay-subdir. + static const std::string kOverlayDir = "/system/vendor/overlay/"; + static const std::string kVendorOverlayDir = "/vendor/overlay"; + static const std::string kOverlaySubdir = "/system/vendor/overlay-subdir/"; + static const std::string kApkSuffix = ".apk"; + + if ((StartsWith(path, kOverlayDir) || StartsWith(path, kOverlaySubdir) + || StartsWith(path, kVendorOverlayDir)) + && EndsWith(path, kApkSuffix) && path.find("/../") == std::string::npos) { return true; } - static const char* kOverlayIdmapPrefix = "/data/resource-cache/"; - static const char* kOverlayIdmapSuffix = ".apk@idmap"; - if (android::base::StartsWith(path, kOverlayIdmapPrefix) - && android::base::EndsWith(path, kOverlayIdmapSuffix)) { + static const std::string kOverlayIdmapPrefix = "/data/resource-cache/"; + static const std::string kOverlayIdmapSuffix = ".apk@idmap"; + if (StartsWith(path, kOverlayIdmapPrefix) && EndsWith(path, kOverlayIdmapSuffix) + && path.find("/../") == std::string::npos) { return true; } |