Michael Pratt submitted this change.
syscall: don't use faccessat2 on android
The Android seccomp policy does not allow faccessat2, so attempting to
use it results in a SIGSYS. Avoid it and go straight to the fallback.
Fixes #57393.
Change-Id: I8d4e12a6f46cea5642d3b5b5a02c682529882f29
Reviewed-on: https://go-review.googlesource.com/c/go/+/458495
Reviewed-by: Austin Clements <aus...@google.com>
TryBot-Result: Gopher Robot <go...@golang.org>
Reviewed-by: Changkun Ou <ma...@changkun.de>
Run-TryBot: Michael Pratt <mpr...@google.com>
---
M src/syscall/syscall_linux.go
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/syscall/syscall_linux.go b/src/syscall/syscall_linux.go
index 30fa641..d4cc34b 100644
--- a/src/syscall/syscall_linux.go
+++ b/src/syscall/syscall_linux.go
@@ -13,6 +13,7 @@
import (
"internal/itoa"
+ "runtime"
"unsafe"
)
@@ -145,8 +146,17 @@
return faccessat(dirfd, path, mode)
}
- if err := faccessat2(dirfd, path, mode, flags); err != ENOSYS && err != EPERM {
- return err
+ // Attempt to use the newer faccessat2, which supports flags directly,
+ // falling back if it doesn't exist.
+ //
+ // Don't attempt on Android, which does not allow faccessat2 through
+ // its seccomp policy [1] on any version of Android as of 2022-12-20.
+ //
+ // [1] https://cs.android.com/android/platform/superproject/+/master:bionic/libc/SECCOMP_BLOCKLIST_APP.TXT;l=4;drc=dbb8670dfdcc677f7e3b9262e93800fa14c4e417
+ if runtime.GOOS != "android" {
+ if err := faccessat2(dirfd, path, mode, flags); err != ENOSYS && err != EPERM {
+ return err
+ }
}
// The Linux kernel faccessat system call does not take any flags.
To view, visit change 458495. To unsubscribe, or for help writing mail filters, visit settings.