Zygote: Additional whitelisting for legacy devices.

On M and below, we provide a blanket whitelist for all files under
"/vendor/zygote_whitelist". This path is whitelisted purely to allow
this patch to be applied easily on legacy devices and configurations.

Note that this does not amount to a loosening of our security policy
because whitelisted files are reopened anyway.

Bug: 32691930
Test: manual

(cherry picked from commit 5e2f7c6229)

Change-Id: I9700fc7b469d0bc4d876c52292f25888b94a5223

core/jni/fd_utils-inl.h

@@ -297,6 +297,12 @@ class FileDescriptorInfo {
       return true;
     }
 
+    // All regular files that are placed under this path are whitelisted automatically.
+    static const std::string kZygoteWhitelistPath = "/vendor/zygote_whitelist/";
+    if (StartsWith(path, kZygoteWhitelistPath) && path.find("/../") == std::string::npos) {
+      return true;
+    }
+
     return false;
   }