Commit 607c0b79 authored Mar 31, 2021 by Colin Cross

Fix multiple copies of read-only files in sbox

Sbox preserves the permissions of input files when copying them into the
sandbox.  A read-only file copied into the sandbox multiple times causes
a permission denied error on the second write.  Building in Bazel results
in more read-only files, which triggers the issue on existing sbox rules
with duplicate input files.  Remove the destination file when copying if
it exists.

Bug: 184113103
Test: m USE_BAZEL=true
Change-Id: I7edf92d82b766100e3cbbd90d22428269d7d0167

parent 3fbf2bea

cmd/sbox/sbox.go

+8 −0

Original line number	Diff line number	Diff line
		@@ -387,6 +387,14 @@ func copyOneFile(from string, to string, executable bool) error {
		}
		defer in.Close()

		// Remove the target before copying. In most cases the file won't exist, but if there are
		// duplicate copy rules for a file and the source file was read-only the second copy could
		// fail.
		err = os.Remove(to)
		if err != nil && !os.IsNotExist(err) {
		return err
		}

		out, err := os.Create(to)
		if err != nil {
		return err