Merge changes I2e370952,I811cc8e1

		os.Exit(1)

	}

	disableError := false

	if e, ok := os.LookupEnv("TEMPORARY_DISABLE_PATH_RESTRICTIONS"); ok {

		disableError = e == "1" || e == "y" || e == "yes" || e == "on" || e == "true"

	}

	exitCode, err := Main(os.Stdout, os.Stderr, interposer, os.Args, mainOpts{

		disableError: disableError,

		sendLog:       paths.SendLog,

		config:        paths.GetConfig,

		lookupParents: lookupParents,

socket at <interposer>_log.`)

type mainOpts struct {

	disableError bool

	sendLog       func(logSocket string, entry *paths.LogEntry, done chan interface{})

	config        func(name string) paths.PathConfig

	lookupParents func() []paths.LogProcess

			}, waitForLog)

			defer func() { <-waitForLog }()

		}

		if config.Error && !opts.disableError {

		if config.Error {

			return 1, fmt.Errorf("%q is not allowed to be used. See https://android.googlesource.com/platform/build/+/master/Changes.md#PATH_Tools for more information.", base)

		}

	}

		execs = append(execs, parsePathDir(pathEntry)...)

	}

	allowAllSymlinks := config.Environment().IsEnvTrue("TEMPORARY_DISABLE_PATH_RESTRICTIONS")

	if config.Environment().IsEnvTrue("TEMPORARY_DISABLE_PATH_RESTRICTIONS") {

		ctx.Fatalln("TEMPORARY_DISABLE_PATH_RESTRICTIONS was a temporary migration method, and is now obsolete.")

	}

	for _, name := range execs {

		if !paths.GetConfig(name).Symlink && !allowAllSymlinks {

		if !paths.GetConfig(name).Symlink {

			continue

		}

		// For now, just map everything. Make most things readonly.

		"-R", "/",

		// Mount a writable tmp dir

		"-B", "/tmp",

		// Mount source are read-write

		"-B", sandboxConfig.srcDir,

		//Mount out dir as read-write

		"-B", sandboxConfig.outDir,

		// Mount a writable tmp dir

		"-B", "/tmp",

		// Disable newcgroup for now, since it may require newer kernels

		// TODO: try out cgroups

		"--disable_clone_newcgroup",