Merge "Whitelist file descriptors created through memfd_create."

2019-10-29 15:45:03 +00:00
parent 00639037d7 813b9e8cb4
commit d10a84cdfe
1 changed files with 14 additions and 0 deletions
--- a/core/jni/fd_utils.cpp
+++ b/core/jni/fd_utils.cpp
@@ -59,6 +59,10 @@ FileDescriptorWhitelist* FileDescriptorWhitelist::Get() {
  return instance_;
 }

+static bool IsMemfd(const std::string& path) {
+  return android::base::StartsWith(path, "/memfd:");
+}
+
 bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const {
  // Check the static whitelist path.
  for (const auto& whitelist_path : kPathWhitelist) {
@@ -87,6 +91,11 @@ bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const {
    return true;
  }

+  // In-memory files created through memfd_create are allowed.
+  if (IsMemfd(path)) {
+    return true;
+  }
+
  // Whitelist files needed for Runtime Resource Overlay, like these:
  // /system/vendor/overlay/framework-res.apk
  // /system/vendor/overlay-subdir/pg/framework-res.apk
@@ -312,6 +321,11 @@ void FileDescriptorInfo::ReopenOrDetach(fail_fn_t fail_fn) const {
    return DetachSocket(fail_fn);
  }

+  // Children can directly use in-memory files created through memfd_create.
+  if (IsMemfd(file_path)) {
+    return;
+  }
+
  // NOTE: This might happen if the file was unlinked after being opened.
  // It's a common pattern in the case of temporary files and the like but
  // we should not allow such usage from the zygote.