From 42e81985b1cfb0e2b9439721b2507f240518df31 Mon Sep 17 00:00:00 2001
From: Jiyong Park
Date: Fri, 25 Jan 2019 18:18:01 +0900
Subject: [PATCH] Call realpath(3) only when the path is accessible for read
Suppress the SELinux denial log spam by not calling realpath(3) when the path does not exist or is not accessible for read, and then not auditing access(2) failure.
Bug: 120996057
Test: copy ping to /data/local/tmp, run it, verify no errors
Test: run bionic-unit-tests, the tests pass
Change-Id: Ie6058bfc9524a9b5c50fc7183fdddea6a8fb9200
---
 linker/linker_config.cpp | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/linker/linker_config.cpp b/linker/linker_config.cpp
index 0e75c85c2..5a728d3c5 100644
--- a/linker/linker_config.cpp
+++ b/linker/linker_config.cpp
@@ -41,6 +41,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -238,9 +239,17 @@ static bool parse_config_file(const char* ld_config_file_path,
 // If the path can be resolved, resolve it
 char buf[PATH_MAX];
 std::string resolved_path;
- if (realpath(value.c_str(), buf)) {
+ if (access(value.c_str(), R_OK) != 0) {
+ if (errno == ENOENT) {
+ // no need to test for non-existing path. skip.
+ continue;
+ }
+ // If not accessible, don't call realpath as it will just cause
+ // SELinux denial spam. Use the path unresolved.
+ resolved_path = value;
+ } else if (realpath(value.c_str(), buf)) {
 resolved_path = buf;
- } else if (errno != ENOENT) {
+ } else {
 // realpath is expected to fail with EPERM in some situations, so log
 // the failure with INFO rather than DL_WARN. e.g. A binary in
 // /data/local/tmp may attempt to stat /postinstall. See
@@ -251,9 +260,6 @@ static bool parse_config_file(const char* ld_config_file_path,
 value.c_str(),
 strerror(errno));
 resolved_path = value;
- } else {
- // ENOENT: no need to test if binary is under the path
- continue;
 }
 if (file_is_under_dir(binary_realpath, resolved_path)) {
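Review bot: In the new `access(value.c_str(), R_OK) != 0` branch, every failure other than ENOENT silently falls back to `resolved_path = value`, and R_OK is a stricter test than `realpath` itself needs, since `realpath` resolves with search permission on the path components and does not read the final directory. A configured directory that is searchable but not readable, and whose path contains a symlink, would therefore be compared unresolved against `binary_realpath` in `file_is_under_dir` and may stop matching, which changes which config section applies to the binary; whether any shipped configuration hits this case is not visible from the hunk. I would extend the comment in that branch to say so, for example `// NOTE: value is compared unresolved against binary_realpath below, so an entry containing a symlink will not match here.` The enclosing `parse_config_file` starts and ends outside the hunk.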