author | Bertrand SIMONNET <bsimonnet@google.com> | 2015-09-22 13:29:25 -0700 |
---|---|---|
committer | Bertrand SIMONNET <bsimonnet@google.com> | 2015-09-22 14:13:18 -0700 |
commit | 9d44d9dd53bd3da3b01445a52b5d2420dc40f9b2 (patch) | |
tree | 3b6d7e78bd8d53aeaf12825a24bf27fe8d962d32 | |
parent | 134aa097b9106e63e1622389fbb0d5543bd3d558 (diff) | |
download | rootdev-9d44d9dd53bd3da3b01445a52b5d2420dc40f9b2.tar.gz |
rootdev: Don't try to access /dev/block.
When the device used to back a path is found in /sys/block, rootdev will
double check that /dev/block/<device name> exists and that the dev_t
matches the one in /sys/block/.
On Android, the manufacturer can add an SELinux context for that device
node which will prevent core daemons from accessing it, failing the call
to rootdev.
To avoid this, rootdev should return the device node path without trying
to access it.
This CL also enables building with Clang to ensure we use the strictest
compiler possible.
BUG: 24143423
BUG: 24267261
TEST: metricsd starts and find the main disk without any SELinux denial.
TEST: builds with clang and -Werror.
Change-Id: Icfe64695c28277d4c8eb9c89de1e13a767a703b8
-rw-r--r-- | Android.mk | 2 | ||||
-rw-r--r-- | rootdev.c | 14 | ||||
-rw-r--r-- | rootdev.h | 13 |
3 files changed, 13 insertions, 16 deletions
@@ -23,6 +23,7 @@ rootdev_CFLAGS := -Wall -Werror -Wno-sign-compare
 include $(CLEAR_VARS)
 LOCAL_MODULE := librootdev
 LOCAL_CFLAGS += $(rootdev_CFLAGS)
+LOCAL_CLANG := true
 LOCAL_CPPFLAGS += $(rootdev_CPPFLAGS)
 LOCAL_SRC_FILES := rootdev.c
 LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)
@@ -32,6 +33,7 @@ include $(BUILD_SHARED_LIBRARY)
 include $(CLEAR_VARS)
 LOCAL_MODULE := rootdev
 LOCAL_CFLAGS += $(rootdev_CFLAGS)
+LOCAL_CLANG := true
 LOCAL_CPPFLAGS += $(rootdev_CPPFLAGS)
 LOCAL_SHARED_LIBRARIES := librootdev
 LOCAL_SRC_FILES := main.c
@@ -343,9 +343,8 @@ int rootdev_create_devices(const char *name, dev_t dev, bool symlink) {
 }
 int rootdev_get_path(char *path, size_t size, const char *device,
- dev_t dev, const char *dev_path) {
+ const char *dev_path) {
 int path_len;
- struct stat dev_statbuf;
 if (!dev_path)
 dev_path = kDefaultDevPath;
@@ -357,11 +356,10 @@ int rootdev_get_path(char *path, size_t size, const char *device,
 if (path_len != strlen(dev_path) + 1 + strlen(device))
 return -1;
- if (stat(path, &dev_statbuf) != 0)
- return 1;
-
- if (dev && dev != dev_statbuf.st_rdev)
- return 2;
+ // TODO(bsimonnet): We should check that |path| exists and is the right
+ // device. We don't do this currently as OEMs can add custom SELinux rules
+ // which may prevent us from accessing this.
+ // See b/24267261.
 return 0;
 }
@@ -397,7 +395,7 @@ int rootdev_wrapper(char *path, size_t size,
 rootdev_strip_partition(devname, size);
 }
- res = rootdev_get_path(path, size, devname, *dev, dev_path);
+ res = rootdev_get_path(path, size, devname, dev_path);
 return res;
 }
@@ -71,7 +71,6 @@ void rootdev_get_device_slave(char *slave, size_t size, dev_t *dev,
 * @path: char array to store the path
 * @size: size of @devpath
 * @device: name of the device
- * @dev: optional expected dev_t of the node.
 * @dev_path: path to dev tree. NULL for default (/dev)
 *
 * A @dev of 0 is ignored.
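Review bot: With the `stat()` and `st_rdev` comparisons removed in the second rootdev.c hunk, `rootdev_get_path()` returns 0 for any string it manages to format, so a caller can no longer tell a verified node from a missing or mismatched one. The only check left is `path_len != strlen(dev_path) + 1 + strlen(device)`, which, assuming `path_len` comes from `snprintf()` (the call is outside the hunk), still passes when the output was truncated to `size`; before this change a truncated path would most likely have failed the `stat()`. I would add `if (path_len < 0 || (size_t)path_len >= size) return -1;` ahead of the equality test. Privileged callers that go on to open the returned path should confirm the device on the opened descriptor (`fstat()` and compare `st_rdev` with the dev_t taken from /sys/block) rather than trust the name. Any caller logic keyed on the old return values 1 and 2 is not visible here and would now be unreachable.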
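Review bot: The parameter block in the first rootdev.h hunk still ends with `A @dev of 0 is ignored.` after the `@dev` line was removed, so the comment now describes a parameter the function no longer takes; that sentence should be deleted together with the `@dev` entry. The neighbouring `@size: size of @devpath` also names something that is not in the prototype and presumably means `@path`. The comment block begins above this hunk, so its opening lines may need the same pass.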
@@ -79,16 +78,14 @@ void rootdev_get_device_slave(char *slave, size_t size, dev_t *dev,
 * @path is populated for all return codes.
 * Returns 0 on success and non-zero on error:
 * -1 on unexpected errors (@path may be invalid)
- * 1 on no existing @path
- * 2 @path exists but the dev_t value is mismatched.
 *
 * Nb, this function does NOT search /dev for a match. It performs a normal
- * string concatenation and probes for the existence. If udev has moved,
- * or otherwise renamed, the device, a positive value is returned.
- * The caller may then use the dev_t and @path to create the node with
- * mknod(2).
+ * string concatenation.
+ * We can't check if the device actually exists as vendors may create an
+ * SELinux context we don't know about for it (in which case, this function
+ * would always fail).
 */
-int rootdev_get_path(char *path, size_t size, const char *device, dev_t dev,
+int rootdev_get_path(char *path, size_t size, const char *device,
 const char *dev_path);
 const char *rootdev_get_partition(const char *dst, size_t len); |
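Review bot: The rewritten header comment explains why the probe was dropped but never tells callers what a return of 0 now means, which is only that the path string was formatted, not that the node exists or carries the expected dev_t. I would state that in the contract, for example `* A return of 0 does not imply that @path exists or refers to the expected device; callers that open it must verify the dev_t themselves.` Without that sentence a reader of rootdev.h alone could still assume the old verified-path behaviour.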