diff options
| author | Dimitry Ivanov <dimitry@google.com> | 2016-05-10 10:39:48 -0700 |
|---|---|---|
| committer | Dimitry Ivanov <dimitry@google.com> | 2016-05-10 10:39:48 -0700 |
| commit | f334cbf0e1425633bef96a21b0ce9e30f4c6ffa9 (patch) | |
| tree | ea96d0254bf8bee283020a4384cd17d7d7260ea5 /libnativeloader | |
| parent | cf9892b6d1b0138bdf2341aaa0670c43af27cb85 (diff) | |
| download | core-f334cbf0e1425633bef96a21b0ce9e30f4c6ffa9.tar.gz core-f334cbf0e1425633bef96a21b0ce9e30f4c6ffa9.tar.bz2 core-f334cbf0e1425633bef96a21b0ce9e30f4c6ffa9.zip | |
Extend white-listed directories to include /mnt/expand
Apps on sdcard live under /mnt/expand and therefore
this directory should be under linker namespaces
permitted_path.
Bug: http://b/28639227
Change-Id: I462f9f23656c95d9c2a48bb3f513abcd9d08f340
Diffstat (limited to 'libnativeloader')
| -rw-r--r-- | libnativeloader/native_loader.cpp | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/libnativeloader/native_loader.cpp b/libnativeloader/native_loader.cpp index 5c1db5b48..0b49b4106 100644 --- a/libnativeloader/native_loader.cpp +++ b/libnativeloader/native_loader.cpp @@ -40,6 +40,11 @@ namespace android { static constexpr const char* kPublicNativeLibrariesSystemConfigPathFromRoot = "/etc/public.libraries.txt"; static constexpr const char* kPublicNativeLibrariesVendorConfig = "/vendor/etc/public.libraries.txt"; +// (http://b/27588281) This is a workaround for apps using custom classloaders and calling +// System.load() with an absolute path which is outside of the classloader library search path. +// This list includes all directories app is allowed to access this way. +static constexpr const char* kWhitelistedDirectories = "/data:/mnt/expand"; + static bool is_debuggable() { char debuggable[PROP_VALUE_MAX]; property_get("ro.debuggable", debuggable, "0"); @@ -63,18 +68,17 @@ class LibraryNamespaces { library_path = library_path_utf_chars.c_str(); } - std::string permitted_path; + // (http://b/27588281) This is a workaround for apps using custom + // classloaders and calling System.load() with an absolute path which + // is outside of the classloader library search path. + // + // This part effectively allows such a classloader to access anything + // under /data and /mnt/expand + std::string permitted_path = kWhitelistedDirectories; + if (java_permitted_path != nullptr) { ScopedUtfChars path(env, java_permitted_path); - permitted_path = path.c_str(); - } else { - // (http://b/27588281) This is a workaround for apps using custom - // classloaders and calling System.load() with an absolute path which - // is outside of the classloader library search path. - // - // This part effectively allows such a classloader to access anything - // under /data - permitted_path = "/data"; + permitted_path = permitted_path + ":" + path.c_str(); } if (!initialized_ && !InitPublicNamespace(library_path.c_str(), target_sdk_version)) { |