Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Zygote: Additional whitelists for runtime overlay / other static resources.

Browse Source 
am: 9087f331a8

Change-Id: I800230fd9a4baf543d53834b00019f81aa07bdc9
This commit is contained in:
Narayan Kamath
2016-11-14 17:25:09 +00:00
committed by android-build-merger
parent d3a15478a7 9087f331a8
commit 50c5f04262
1 changed files with 29 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
core/jni/fd_utils-inl.h
View File

@@ -240,6 +240,18 @@ class FileDescriptorInfo {
is_sock(false) {
}
static bool StartsWith(const std::string& str, const std::string& prefix) {
return str.compare(0, prefix.size(), prefix) == 0;
}
static bool EndsWith(const std::string& str, const std::string& suffix) {
if (suffix.size() > str.size()) {
return false;
}
return str.compare(str.size() - suffix.size(), suffix.size(), suffix) == 0;
}
// Returns true iff. a given path is whitelisted. A path is whitelisted
// if it belongs to the whitelist (see kPathWhitelist) or if it's a path
// under /system/framework that ends with ".jar" or if it is a system
@@ -251,31 +263,34 @@ class FileDescriptorInfo {
}
}
static const char* kFrameworksPrefix = "/system/framework/";
static const char* kJarSuffix = ".jar";
if (android::base::StartsWith(path, kFrameworksPrefix)
&& android::base::EndsWith(path, kJarSuffix)) {
static const std::string kFrameworksPrefix = "/system/framework/";
static const std::string kJarSuffix = ".jar";
if (StartsWith(path, kFrameworksPrefix) && EndsWith(path, kJarSuffix)) {
return true;
}
// Whitelist files needed for Runtime Resource Overlay, like these:
// /system/vendor/overlay/framework-res.apk
// /system/vendor/overlay/PG/android-framework-runtime-resource-overlay.apk
// /system/vendor/overlay-subdir/pg/framework-res.apk
// /data/resource-cache/system@vendor@overlay@framework-res.apk@idmap
// /data/resource-cache/system@vendor@overlay@PG@framework-res.apk@idmap
static const char* kOverlayDir = "/system/vendor/overlay/";
static const char* kApkSuffix = ".apk";
// /data/resource-cache/system@vendor@overlay-subdir@pg@framework-res.apk@idmap
// See AssetManager.cpp for more details on overlay-subdir.
static const std::string kOverlayDir = "/system/vendor/overlay/";
static const std::string kVendorOverlayDir = "/vendor/overlay";
static const std::string kOverlaySubdir = "/system/vendor/overlay-subdir/";
static const std::string kApkSuffix = ".apk";
if (android::base::StartsWith(path, kOverlayDir)
&& android::base::EndsWith(path, kApkSuffix)
if ((StartsWith(path, kOverlayDir) || StartsWith(path, kOverlaySubdir)
|| StartsWith(path, kVendorOverlayDir))
&& EndsWith(path, kApkSuffix)
&& path.find("/../") == std::string::npos) {
return true;
}
static const char* kOverlayIdmapPrefix = "/data/resource-cache/";
static const char* kOverlayIdmapSuffix = ".apk@idmap";
if (android::base::StartsWith(path, kOverlayIdmapPrefix)
&& android::base::EndsWith(path, kOverlayIdmapSuffix)) {
static const std::string kOverlayIdmapPrefix = "/data/resource-cache/";
static const std::string kOverlayIdmapSuffix = ".apk@idmap";
if (StartsWith(path, kOverlayIdmapPrefix) && EndsWith(path, kOverlayIdmapSuffix)
&& path.find("/../") == std::string::npos) {
return true;
}