Loading core/jni/fd_utils.cpp +6 −15 Original line number Diff line number Diff line Loading @@ -33,16 +33,6 @@ // Static whitelist of open paths that the zygote is allowed to keep open. static const char* kPathWhitelist[] = { "/apex/com.android.conscrypt/javalib/conscrypt.jar", "/apex/com.android.ipsec/javalib/ike.jar", "/apex/com.android.i18n/javalib/core-icu4j.jar", "/apex/com.android.media/javalib/updatable-media.jar", "/apex/com.android.mediaprovider/javalib/framework-mediaprovider.jar", "/apex/com.android.os.statsd/javalib/framework-statsd.jar", "/apex/com.android.permission/javalib/framework-permission.jar", "/apex/com.android.sdkext/javalib/framework-sdkextensions.jar", "/apex/com.android.wifi/javalib/framework-wifi.jar", "/apex/com.android.tethering/javalib/framework-tethering.jar", "/dev/null", "/dev/socket/zygote", "/dev/socket/zygote_secondary", Loading Loading @@ -100,10 +90,11 @@ bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const { } } // Jars from the ART APEX are allowed. static const char* kArtApexPrefix = "/apex/com.android.art/javalib/"; if (android::base::StartsWith(path, kArtApexPrefix) && android::base::EndsWith(path, kJarSuffix)) { // Jars from APEXes are allowed. This matches /apex/**/javalib/*.jar. static const char* kApexPrefix = "/apex/"; static const char* kApexJavalibPathSuffix = "/javalib"; if (android::base::StartsWith(path, kApexPrefix) && android::base::EndsWith(path, kJarSuffix) && android::base::EndsWith(android::base::Dirname(path), kApexJavalibPathSuffix)) { return true; } Loading Loading
core/jni/fd_utils.cpp +6 −15 Original line number Diff line number Diff line Loading @@ -33,16 +33,6 @@ // Static whitelist of open paths that the zygote is allowed to keep open. static const char* kPathWhitelist[] = { "/apex/com.android.conscrypt/javalib/conscrypt.jar", "/apex/com.android.ipsec/javalib/ike.jar", "/apex/com.android.i18n/javalib/core-icu4j.jar", "/apex/com.android.media/javalib/updatable-media.jar", "/apex/com.android.mediaprovider/javalib/framework-mediaprovider.jar", "/apex/com.android.os.statsd/javalib/framework-statsd.jar", "/apex/com.android.permission/javalib/framework-permission.jar", "/apex/com.android.sdkext/javalib/framework-sdkextensions.jar", "/apex/com.android.wifi/javalib/framework-wifi.jar", "/apex/com.android.tethering/javalib/framework-tethering.jar", "/dev/null", "/dev/socket/zygote", "/dev/socket/zygote_secondary", Loading Loading @@ -100,10 +90,11 @@ bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const { } } // Jars from the ART APEX are allowed. static const char* kArtApexPrefix = "/apex/com.android.art/javalib/"; if (android::base::StartsWith(path, kArtApexPrefix) && android::base::EndsWith(path, kJarSuffix)) { // Jars from APEXes are allowed. This matches /apex/**/javalib/*.jar. static const char* kApexPrefix = "/apex/"; static const char* kApexJavalibPathSuffix = "/javalib"; if (android::base::StartsWith(path, kApexPrefix) && android::base::EndsWith(path, kJarSuffix) && android::base::EndsWith(android::base::Dirname(path), kApexJavalibPathSuffix)) { return true; } Loading
