diff options
| author | Elliott Hughes <enh@google.com> | 2019-03-27 09:56:27 -0700 |
|---|---|---|
| committer | Rob Landley <rob@landley.net> | 2019-03-27 16:05:42 -0500 |
| commit | 527045debecb95721f70012ee1a6216b3d149b1e (patch) | |
| tree | 618d69dab113670209d772bd018964da78a67b64 | |
| parent | 4eb39e1e3c9454635a8512b51931efe4ba2c14ed (diff) | |
| download | toybox-527045debecb95721f70012ee1a6216b3d149b1e.tar.gz | |
xabspath: use O_PATH for dirfd.
SELinux on Android is unhappy if you try to read "/":
avc: denied { read } for name="/" dev="dm-3" ino=2 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0
That could happen via the open of ".." too, and potentially any other
directory might have similar restrictions, so move all of the open calls
to using O_PATH.
O_PATH seems more intention-revealing given what this function is doing anyway.
| -rw-r--r-- | lib/xwrap.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/xwrap.c b/lib/xwrap.c index 2e2ccbc1..778cb38d 100644 --- a/lib/xwrap.c +++ b/lib/xwrap.c @@ -554,7 +554,7 @@ char *xabspath(char *path, int exact) if (missing) missing--; else { - if (-1 == (x = openat(dirfd, "..", 0))) goto error; + if (-1 == (x = openat(dirfd, "..", O_PATH))) goto error; close(dirfd); dirfd = x; } @@ -578,7 +578,7 @@ char *xabspath(char *path, int exact) } if (errno != EINVAL && (exact || todo)) goto error; - fd = openat(dirfd, new->str, 0); + fd = openat(dirfd, new->str, O_PATH); if (fd == -1 && (exact || todo || errno != ENOENT)) goto error; close(dirfd); dirfd = fd; @@ -591,7 +591,7 @@ char *xabspath(char *path, int exact) llist_traverse(done, free); done=0; close(dirfd); - dirfd = open("/", 0); + dirfd = open("/", O_PATH); } free(new); @@ -611,7 +611,7 @@ char *xabspath(char *path, int exact) try = 2; while (done) { - struct string_list *temp = llist_pop(&done);; + struct string_list *temp = llist_pop(&done); if (todo) try++; try += strlen(temp->str); |