From 7d302e018db99e859b465413d514406fb02f4d8d Mon Sep 17 00:00:00 2001
From: Narayan Kamath
Date: Mon, 7 Nov 2016 19:59:29 +0000
Subject: Zygote: Additional whitelisting for legacy devices.
On M and below, we provide a blanket whitelist for all files under "/vendor/zygote_whitelist". This path is whitelisted purely to allow this patch to be applied easily on legacy devices and configurations. Note that this does not amount to a loosening of our security policy because whitelisted files are reopened anyway.
Bug: 32691930
Test: manual
(cherry picked from commit 5e2f7c6229d7191183888d685b57a7d0a2835fce)
Change-Id: I9700fc7b469d0bc4d876c52292f25888b94a5223
---
 core/jni/fd_utils-inl.h | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/core/jni/fd_utils-inl.h b/core/jni/fd_utils-inl.h
index 2d7ba1c58465..53b2a0ddc1ca 100644
--- a/core/jni/fd_utils-inl.h
+++ b/core/jni/fd_utils-inl.h
@@ -297,6 +297,12 @@ class FileDescriptorInfo {
 return true;
 }

+ // All regular files that are placed under this path are whitelisted automatically.
+ static const std::string kZygoteWhitelistPath = "/vendor/zygote_whitelist/";
+ if (StartsWith(path, kZygoteWhitelistPath) && path.find("/../") == std::string::npos) {
+ return true;
+ }
+
 return false;
 }

-- 
cgit v1.2.3-59-g8ed1b
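Review bot: The new blanket rule accepts any path with the `/vendor/zygote_whitelist/` prefix on a purely lexical test, and neither the comment nor the code states the trust assumption that makes this safe. The `/../` test rejects traversal components but does not resolve symlinks, so it is only sound if `path` is already canonical at this point and if nothing but the vendor image can write to that directory; the enclosing function starts outside the hunk, so the first cannot be confirmed here. The comment also says "regular files", while no file-type test is visible in these lines; presumably the caller performs it. I would spell this out in the comment, e.g. `// Legacy whitelist: trusted only because /vendor is read-only and whitelisted fds are reopened; |path| must already be canonical.` Nothing in the hunk gates the rule by release, so the comment should also say that it is meant for M and below.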