[Toybox] [PATCH] xabspath: use O_PATH.

enh enh at google.com
Wed Mar 27 09:59:08 PDT 2019


nnk points out that all the opens in xabspath are potentially
affected. new patch attached:

[PATCH] xabspath: use O_PATH for dirfd.

SELinux on Android is unhappy if you try to read "/":

  avc: denied { read } for name="/" dev="dm-3" ino=2
scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:rootfs:s0
tclass=dir permissive=0

That could happen via the open of ".." too, and potentially any other
directory might have similar restrictions, so move all of the open calls
to using O_PATH.

O_PATH seems more intention-revealing given what this function is doing anyway.
---
 lib/xwrap.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

On Tue, Mar 26, 2019 at 7:36 PM Rob Landley <rob at landley.net> wrote:
>
> On 3/26/19 4:56 PM, enh via Toybox wrote:
> > SELinux on Android is unhappy if you try to read "/":
> >
> >   avc: denied { read } for name="/" dev="dm-3" ino=2
> > scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:rootfs:s0
> > tclass=dir permissive=0
> >
> > O_PATH seems more intention-revealing anyway.
>
> When I first wrote that plumbing O_PATH wasn't in the 7 year rule (added by
> kernel commit 1abf0c718f15 in 2011 and took a while to diffuse into libc in
> distros), the kernel's well past and Ubuntu 14.04 is the oldest build
> environment I've been regression testing on recently, so... :)
>
> Rob
> _______________________________________________
> Toybox mailing list
> Toybox at lists.landley.net
> http://lists.landley.net/listinfo.cgi/toybox-landley.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-xabspath-use-O_PATH-for-dirfd.patch
Type: text/x-patch
Size: 2256 bytes
Desc: not available
URL: <http://lists.landley.net/pipermail/toybox-landley.net/attachments/20190327/e10cfe70/attachment-0003.bin>
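
The behaviour the commit message relies on, as an added example (not code from Toybox or from the attached patch): a descriptor opened with O_PATH can anchor openat() for ".." and be compared with fstat(), but the kernel refuses to read directory entries through it, so the open never asks for read access to the directory. The helper names, DIRFD_FLAGS and the use of "/" as sample input are assumptions made for illustration; Linux only.

```c
#define _GNU_SOURCE             /* exposes O_PATH and syscall() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Flags for a descriptor that only names a directory (assumed choice). */
#define DIRFD_FLAGS (O_PATH|O_DIRECTORY|O_CLOEXEC)

/* Try to read entries of dir through an O_PATH descriptor.
 * Returns the errno from getdents64 (EBADF), or 0 if it succeeded. */
int list_via_opath(const char *dir)
{
  char buf[1024];
  int fd = open(dir, DIRFD_FLAGS), err;

  if (fd < 0) return errno;
  err = syscall(SYS_getdents64, fd, buf, sizeof(buf)) < 0 ? errno : 0;
  close(fd);
  return err;
}

/* Step to ".." from an O_PATH anchor. Returns 1 if the parent is the same
 * inode as dir (the case for "/"), 0 if not, -1 on error. */
int parent_is_self(const char *dir)
{
  struct stat a, b;
  int fd = open(dir, DIRFD_FLAGS), up, rc = -1;

  if (fd < 0) return -1;
  up = openat(fd, "..", DIRFD_FLAGS);
  if (up >= 0 && !fstat(fd, &a) && !fstat(up, &b))
    rc = a.st_dev == b.st_dev && a.st_ino == b.st_ino;
  if (up >= 0) close(up);
  close(fd);
  return rc;
}

int main(void)
{
  printf("list_errno=%d parent_is_self=%d\n",
         list_via_opath("/"), parent_is_self("/"));
  return 0;
}
```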

