From 527045debecb95721f70012ee1a6216b3d149b1e Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Wed, 27 Mar 2019 09:56:27 -0700 Subject: xabspath: use O_PATH for dirfd. SELinux on Android is unhappy if you try to read "/": avc: denied { read } for name="/" dev="dm-3" ino=2 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0 That could happen via the open of ".." too, and potentially any other directory might have similar restrictions, so move all of the open calls to using O_PATH. O_PATH seems more intention-revealing given what this function is doing anyway. --- lib/xwrap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/xwrap.c') diff --git a/lib/xwrap.c b/lib/xwrap.c index 2e2ccbc1..778cb38d 100644 --- a/lib/xwrap.c +++ b/lib/xwrap.c @@ -554,7 +554,7 @@ char *xabspath(char *path, int exact) if (missing) missing--; else { - if (-1 == (x = openat(dirfd, "..", 0))) goto error; + if (-1 == (x = openat(dirfd, "..", O_PATH))) goto error; close(dirfd); dirfd = x; } @@ -578,7 +578,7 @@ char *xabspath(char *path, int exact) } if (errno != EINVAL && (exact || todo)) goto error; - fd = openat(dirfd, new->str, 0); + fd = openat(dirfd, new->str, O_PATH); if (fd == -1 && (exact || todo || errno != ENOENT)) goto error; close(dirfd); dirfd = fd; @@ -591,7 +591,7 @@ char *xabspath(char *path, int exact) llist_traverse(done, free); done=0; close(dirfd); - dirfd = open("/", 0); + dirfd = open("/", O_PATH); } free(new); @@ -611,7 +611,7 @@ char *xabspath(char *path, int exact) try = 2; while (done) { - struct string_list *temp = llist_pop(&done);; + struct string_list *temp = llist_pop(&done); if (todo) try++; try += strlen(temp->str); -- cgit v1.2.3