Don't expect permission to open foreign dex use marks.
sepolicy says we can create the mark files, but open requires
additional permissions we don't need. Don't print a warning when we
aren't given those additional permissions.
Bug: 28241500
(cherry picked from commit 12e4157666bfdc2ca38f459f6447385b80c7ddff)
Change-Id: I272befdb4fa58a0adf550fde52ddab5b5f5a9fe3
diff --git a/runtime/jit/profile_saver.cc b/runtime/jit/profile_saver.cc
index e8462a1..cf46893 100644
--- a/runtime/jit/profile_saver.cc
+++ b/runtime/jit/profile_saver.cc
@@ -490,17 +490,20 @@
// frameworks/base/services/core/java/com/android/server/pm/PackageDexOptimizer.java)
std::replace(dex_location_real_path_str.begin(), dex_location_real_path_str.end(), '/', '@');
std::string flag_path = foreign_dex_profile_path + "/" + dex_location_real_path_str;
- // No need to give any sort of access to flag_path. The system has enough permissions
- // to test for its existence.
- int fd = TEMP_FAILURE_RETRY(open(flag_path.c_str(), O_CREAT | O_EXCL, 0));
+ // We use O_RDONLY as the access mode because we must supply some access
+ // mode, and there is no access mode that means 'create but do not read' the
+ // file. We will not not actually read from the file.
+ int fd = TEMP_FAILURE_RETRY(open(flag_path.c_str(),
+ O_CREAT | O_RDONLY | O_EXCL | O_CLOEXEC | O_NOFOLLOW, 0));
if (fd != -1) {
if (close(fd) != 0) {
PLOG(WARNING) << "Could not close file after flagging foreign dex use " << flag_path;
}
return true;
} else {
- if (errno != EEXIST) {
- // Another app could have already created the file.
+ if (errno != EEXIST && errno != EACCES) {
+ // Another app could have already created the file, and selinux may not
+ // allow the read access to the file implied by the call to open.
PLOG(WARNING) << "Could not create foreign dex use mark " << flag_path;
return false;
}