Fix multiple copies of read-only files in sbox

Sbox preserves the permissions of input files when copying them into the
sandbox.  A read-only file copied into the sandbox multiple times causes
a permission denied error on the second write.  Building in Bazel results
in more read-only files, which triggers the issue on existing sbox rules
with duplicate input files.  Remove the destination file when copying if
it exists.

Bug: 184113103
Test: m USE_BAZEL=true
Change-Id: I7edf92d82b766100e3cbbd90d22428269d7d0167
Colin Cross
2021-03-31 12:54:06 -07:00
parent 3fbf2bea6a
commit 607c0b795c

@@ -387,6 +387,14 @@ func copyOneFile(from string, to string, executable bool) error {
}
defer in.Close()
// Remove the target before copying. In most cases the file won't exist, but if there are
// duplicate copy rules for a file and the source file was read-only the second copy could
// fail.
err = os.Remove(to)
if err != nil && !os.IsNotExist(err) {
return err
}
out, err := os.Create(to)
if err != nil {
return err
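Review bot: The `os.Remove(to)` ahead of `os.Create(to)` makes a later copy silently replace an earlier one whenever two copies target the same destination, and nothing in this hunk checks that both copies come from the same `from`; the comment only covers the case of duplicate rules for one file. Consider having the caller reject repeated `to` paths whose `from` differs, or at least state in the comment that the last copy wins. As a smaller style point, `errors.Is(err, os.ErrNotExist)` is the form the os package documentation recommends for new code over `os.IsNotExist(err)`.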