Do not treat access error as fatal for device manifest.
Applications do not have use_apex_info permission, application should
not be directly calling libvintf on device. In the short term return
device manifest without any APEX defined HALs.
Test: run cts -m CtsSecurityHostTestCases -t android.security.cts.SELinuxNeverallowRulesTest#testNeverallowRules0
Test: vintf_object_test
Bug: 273301449
Bug: 270489042
Change-Id: I1b3e0ab74f83ef6613824f2494a42097412b9b1e
diff --git a/Apex.cpp b/Apex.cpp
index 2ae90dd..10ac444 100644
--- a/Apex.cpp
+++ b/Apex.cpp
@@ -36,13 +36,29 @@
// Update cached mtime_
int64_t mtime;
auto status = fileSystem->modifiedTime(kApexInfoFile, &mtime, error);
- if (status == NAME_NOT_FOUND) {
- if (error) {
+
+ if (status != OK) {
+ switch (status) {
+ case NAME_NOT_FOUND:
+ status = OK;
+ break;
+ case -EACCES:
+ // Don't error out on access errors, but log it
+ LOG(WARNING) << "APEX Device VINTF Dirs: EACCES: "
+ << (error ? *error : "(unknown error message)");
+ status = OK;
+ break;
+ default:
+ break;
+ }
+
+ if ((status == OK) && (error)) {
error->clear();
}
- return OK;
+
+ return status;
}
- if (status != OK) return status;
+
mtime_ = mtime;
// Load apex-info-list
