
Commit 813b9e8c authored by Nicolas Geoffray

Whitelist file descriptors created through memfd_create.

ART needs to create such a file descriptor.

Bug: 119800099
Test: Device boots
Change-Id: Iefeab88e9f1b2dcf963ea913e416863191a52e8f
parent 7e62a930
+14 −0
@@ -59,6 +59,10 @@ FileDescriptorWhitelist* FileDescriptorWhitelist::Get() {
  return instance_;
}

static bool IsMemfd(const std::string& path) {
  return android::base::StartsWith(path, "/memfd:");
}

bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const {
  // Check the static whitelist path.
  for (const auto& whitelist_path : kPathWhitelist) {
@@ -87,6 +91,11 @@ bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const {
    return true;
  }

  // In-memory files created through memfd_create are allowed.
  if (IsMemfd(path)) {
    return true;
  }

  // Whitelist files needed for Runtime Resource Overlay, like these:
  // /system/vendor/overlay/framework-res.apk
  // /system/vendor/overlay-subdir/pg/framework-res.apk
@@ -312,6 +321,11 @@ void FileDescriptorInfo::ReopenOrDetach(fail_fn_t fail_fn) const {
    return DetachSocket(fail_fn);
  }

  // Children can directly use in-memory files created through memfd_create.
  if (IsMemfd(file_path)) {
    return;
  }

  // NOTE: This might happen if the file was unlinked after being opened.
  // It's a common pattern in the case of temporary files and the like but
  // we should not allow such usage from the zygote.
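Review bot: The early `return` for memfd paths in ReopenOrDetach leaves the child holding the zygote's own descriptor, so every forked process shares one in-memory file, and nothing in this hunk checks that the file is sealed against writes. If such a memfd is writable, one child could alter contents that the zygote and sibling processes later read; consider confirming the seals with `fcntl(<fd>, F_GET_SEALS)` before skipping the reopen, or at least recording the assumption in the comment, e.g. `// Safe only if the memfd is write-sealed or holds nothing the zygote trusts.` IsMemfd also recognises a memfd purely by the `/memfd:` prefix of the path string, and IsAllowed relies on the same test, which presumably holds only while no real directory with that prefix can exist at the filesystem root; a comment on IsMemfd saying where the path comes from and why the prefix is trustworthy would help. ReopenOrDetach's body starts and ends outside the hunk.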