Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f701ba36 authored by Narayan Kamath's avatar Narayan Kamath Committed by Andreas Gampe
Browse files

Zygote: Additional whitelisting for legacy devices. 

On M and below, we provide a blanket whitelist for all files under
"/vendor/zygote_whitelist". This path is whitelisted purely to allow
this patch to be applied easily on legacy devices and configurations.

Note that this does not amount to a loosening of our security policy
because whitelisted files are reopened anyway.

(cherry picked from commit 5e2f7c62)

Bug: 32691930
Test: manual
Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99
parent 0ff7ef60

core/jni/fd_utils-inl.h

+6 −0
Original line number Diff line number Diff line
@@ -295,6 +295,12 @@ class FileDescriptorInfo { 
      return true;

    }



    // All regular files that are placed under this path are whitelisted automatically.

    static const std::string kZygoteWhitelistPath = "/vendor/zygote_whitelist/";

    if (StartsWith(path, kZygoteWhitelistPath) && path.find("/../") == std::string::npos) {

      return true;

    }



    return false;

  }