Clean environment variables to account for sandbox work directory.

Unset HOME to prevent username leak. Bug: 363037195 Change-Id: I7a8694f746d58de8f6e41adb6ad52abbaf955ef4
2024-08-20 14:10:50 -07:00
parent cda9ce15ff
commit 0af8ea14fc
3 changed files with 69 additions and 17 deletions
--- a/ui/build/path.go
+++ b/ui/build/path.go
@@ -57,6 +57,22 @@ func parsePathDir(dir string) []string {
 	return ret
 }

+func updatePathForSandbox(config Config) {
+	wd, err := os.Getwd()
+	if err != nil {
+		return
+	}
+
+	var newPath []string
+	if path, ok := config.Environment().Get("PATH"); ok && path != "" {
+		entries := strings.Split(path, string(filepath.ListSeparator))
+		for _, ent := range entries {
+			newPath = append(newPath, config.sandboxPath(wd, ent))
+		}
+	}
+	config.Environment().Set("PATH", strings.Join(newPath, string(filepath.ListSeparator)))
+}
+
 // SetupLitePath is the "lite" version of SetupPath used for dumpvars, or other
 // places that does not need the full logging capabilities of path_interposer,
 // wants the minimal performance overhead, and still get the benefits of $PATH
@@ -121,6 +137,7 @@ func SetupLitePath(ctx Context, config Config, tmpDir string) {
 	// Set $PATH to be the directories containing the host tool symlinks, and
 	// the prebuilts directory for the current host OS.
 	config.Environment().Set("PATH", myPath)
+	updatePathForSandbox(config)
 	config.pathReplaced = true
 }

@@ -265,5 +282,6 @@ func SetupPath(ctx Context, config Config) {
 	// Replace the $PATH variable with the path_interposer symlinks, and
 	// checked-in prebuilts.
 	config.Environment().Set("PATH", myPath)
+	updatePathForSandbox(config)
 	config.pathReplaced = true
 }