From: Michael Pratt Date: Tue, 20 Dec 2022 16:25:38 +0000 (-0500) Subject: syscall: don't use faccessat2 on android X-Git-Tag: go1.20rc2~1^2~16 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=58f6022eee95f43b4e0dc640b012bb3f574898f1;p=gostls13.git syscall: don't use faccessat2 on android The Android seccomp policy does not allow faccessat2, so attempting to use it results in a SIGSYS. Avoid it and go straight to the fallback. Fixes #57393. Change-Id: I8d4e12a6f46cea5642d3b5b5a02c682529882f29 Reviewed-on: https://go-review.googlesource.com/c/go/+/458495 Reviewed-by: Austin Clements TryBot-Result: Gopher Robot Reviewed-by: Changkun Ou Run-TryBot: Michael Pratt --- diff --git a/src/syscall/syscall_linux.go b/src/syscall/syscall_linux.go index 30fa641627..d4cc34bdee 100644 --- a/src/syscall/syscall_linux.go +++ b/src/syscall/syscall_linux.go @@ -13,6 +13,7 @@ package syscall import ( "internal/itoa" + "runtime" "unsafe" ) @@ -145,8 +146,17 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { return faccessat(dirfd, path, mode) } - if err := faccessat2(dirfd, path, mode, flags); err != ENOSYS && err != EPERM { - return err + // Attempt to use the newer faccessat2, which supports flags directly, + // falling back if it doesn't exist. + // + // Don't attempt on Android, which does not allow faccessat2 through + // its seccomp policy [1] on any version of Android as of 2022-12-20. + // + // [1] https://cs.android.com/android/platform/superproject/+/master:bionic/libc/SECCOMP_BLOCKLIST_APP.TXT;l=4;drc=dbb8670dfdcc677f7e3b9262e93800fa14c4e417 + if runtime.GOOS != "android" { + if err := faccessat2(dirfd, path, mode, flags); err != ENOSYS && err != EPERM { + return err + } } // The Linux kernel faccessat system call does not take any flags.