Zygote: Additional whitelisting for legacy devices. On M and below, we provide a blanket whitelist for all files under "/vendor/zygote_whitelist". This path is whitelisted purely to allow this patch to be applied easily on legacy devices and configurations. Note that this does not amount to a loosening of our security policy because whitelisted files are reopened anyway. Bug: 32691930 Test: manual Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99 (cherry picked from commit 5e2f7c6229d7191183888d685b57a7d0a2835fce)

commit: 296f6d595edf2ce86e72f5901464ad0f65b42958 [log] [tgz]
author: Narayan Kamath <narayan@google.com> Mon Nov 07 19:59:29 2016 +0000
committer: gitbuildkicker <android-build@google.com> Thu Dec 01 14:46:45 2016 -0800
tree: 303cd7ccb45411c4fe08de98b2c5fda0776979cc
parent: 6b650e80933cadb29fadbbdac89a01a50cb2b2e1 [diff]
diff --git a/core/jni/fd_utils-inl.h b/core/jni/fd_utils-inl.h
index 3f91feb..d1129a3e 100644
--- a/core/jni/fd_utils-inl.h
+++ b/core/jni/fd_utils-inl.h

@@ -293,6 +293,12 @@
       return true;
     }
 
+    // All regular files that are placed under this path are whitelisted automatically.
+    static const std::string kZygoteWhitelistPath = "/vendor/zygote_whitelist/";
+    if (StartsWith(path, kZygoteWhitelistPath) && path.find("/../") == std::string::npos) {
+      return true;
+    }
+
     return false;
   }
commit	296f6d595edf2ce86e72f5901464ad0f65b42958	[log] [tgz]
author	Narayan Kamath <narayan@google.com>	Mon Nov 07 19:59:29 2016 +0000
committer	gitbuildkicker <android-build@google.com>	Thu Dec 01 14:46:45 2016 -0800
tree	303cd7ccb45411c4fe08de98b2c5fda0776979cc
parent	6b650e80933cadb29fadbbdac89a01a50cb2b2e1 [diff]