Fix multiple copies of read-only files in sbox Sbox preserves the permissions of input files when copying them into the sandbox. A read-only file copied into the sandbox multiple times causes a permission denied error on the second write. Building in Bazel results in more read-only files, which triggers the issue on existing sbox rules with duplicate input files. Remove the destination file when copying if it exists. Bug: 184113103 Test: m USE_BAZEL=true Change-Id: I7edf92d82b766100e3cbbd90d22428269d7d0167

commit: 607c0b795ceac7d73f9b8b1c3e14e88e9c237e43 [log] [tgz]
author: Colin Cross <ccross@android.com> Wed Mar 31 12:54:06 2021 -0700
committer: Colin Cross <ccross@android.com> Wed Mar 31 13:17:42 2021 -0700
tree: c13d361b29731d16fa0a521187d76bf74ee3de76
parent: 3fbf2bea6ada498fcac0de7e190044fa3063902a [diff]
diff --git a/cmd/sbox/sbox.go b/cmd/sbox/sbox.go
index fcc80a9..7bd0868 100644
--- a/cmd/sbox/sbox.go
+++ b/cmd/sbox/sbox.go

@@ -387,6 +387,14 @@
 	}
 	defer in.Close()
 
+	// Remove the target before copying.  In most cases the file won't exist, but if there are
+	// duplicate copy rules for a file and the source file was read-only the second copy could
+	// fail.
+	err = os.Remove(to)
+	if err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
 	out, err := os.Create(to)
 	if err != nil {
 		return err
commit	607c0b795ceac7d73f9b8b1c3e14e88e9c237e43	[log] [tgz]
author	Colin Cross <ccross@android.com>	Wed Mar 31 12:54:06 2021 -0700
committer	Colin Cross <ccross@android.com>	Wed Mar 31 13:17:42 2021 -0700
tree	c13d361b29731d16fa0a521187d76bf74ee3de76
parent	3fbf2bea6ada498fcac0de7e190044fa3063902a [diff]