Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 465c5fb2a308348b5f962b41275f69b18241a6c5
commit465c5fb2a308348b5f962b41275f69b18241a6c5[log] [tgz]
authorTorne (Richard Coles) <torne@google.com>Tue Mar 24 17:57:50 2020 -0400
committerRichard Coles <torne@google.com>Wed Mar 25 14:24:24 2020 +0000
tree69d640175d6620f04d4f901c5afb93938254cce7
parent040c89290bbd6c6375b5f6ae05d8282477233779 [diff]
Don't include the data dir in zygote library paths.

When creating a LoadedApk in a zygote context (app zygote or WebView
zygote), don't add the app's data dir to the list of paths the dynamic
linker is allowed to load libraries from, because the linker's attempt
to canonicalize the path causes SELinux access denials. The process
can't access the data directory at all, so cannot load libraries from
there in any case.

Fixes: 149481620
Test: check for avc denials from webview_zygote
Change-Id: I9aceecaf6067e748cc2251782b0f41661cbb35d8
(cherry picked from commit e1579d4d14119e688fa3952d6bbc44ef81f942fe)
1 file changed
tree: 69d640175d6620f04d4f901c5afb93938254cce7
  1. apct-tests/
  2. apex/
  3. api/
  4. cmds/
  5. config/
  6. core/
  7. data/
  8. docs/
  9. drm/
  10. graphics/
  11. identity/
  12. keystore/
  13. libs/
  14. location/
  15. lowpan/
  16. media/
  17. mime/
  18. mms/
  19. native/
  20. nfc-extras/
  21. obex/
  22. opengl/
  23. packages/
  24. proto/
  25. rs/
  26. samples/
  27. sax/
  28. services/
  29. startop/
  30. telecomm/
  31. telephony/
  32. test-base/
  33. test-legacy/
  34. test-mock/
  35. test-runner/
  36. tests/
  37. tools/
  38. wifi/
  39. .clang-format
  40. .gitignore
  41. .mailmap
  42. Android.bp
  43. Android.mk
  44. ApiDocs.bp
  45. CleanSpec.mk
  46. framework-jarjar-rules.txt
  47. MODULE_LICENSE_APACHE2
  48. NOTICE
  49. pathmap.mk
  50. PREUPLOAD.cfg
  51. StubLibraries.bp
  52. TEST_MAPPING