rootdev: Don't try to access /dev/block.android-wear-n-preview-3android-wear-n-preview-1android-n-preview-4android-n-preview-3android-n-preview-2android-n-preview-1android-cts_7.1_r1android-cts-7.1_r9android-cts-7.1_r8android-cts-7.1_r7android-cts-7.1_r6android-cts-7.1_r5android-cts-7.1_r4android-cts-7.1_r3android-cts-7.1_r29android-cts-7.1_r28android-cts-7.1_r27android-cts-7.1_r26android-cts-7.1_r25android-cts-7.1_r24android-cts-7.1_r23android-cts-7.1_r22android-cts-7.1_r21android-cts-7.1_r20android-cts-7.1_r2android-cts-7.1_r19android-cts-7.1_r18android-cts-7.1_r17android-cts-7.1_r16android-cts-7.1_r15android-cts-7.1_r14android-cts-7.1_r13android-cts-7.1_r12android-cts-7.1_r11android-cts-7.1_r10android-cts-7.1_r1android-cts-7.0_r9android-cts-7.0_r8android-cts-7.0_r7android-cts-7.0_r6android-cts-7.0_r5android-cts-7.0_r4android-cts-7.0_r33android-cts-7.0_r32android-cts-7.0_r31android-cts-7.0_r30android-cts-7.0_r3android-cts-7.0_r29android-cts-7.0_r28android-cts-7.0_r27android-cts-7.0_r26android-cts-7.0_r25android-cts-7.0_r24android-cts-7.0_r23android-cts-7.0_r22android-cts-7.0_r21android-cts-7.0_r20android-cts-7.0_r2android-cts-7.0_r19android-cts-7.0_r18android-cts-7.0_r17android-cts-7.0_r16android-cts-7.0_r15android-cts-7.0_r14android-cts-7.0_r13android-cts-7.0_r12android-cts-7.0_r11android-cts-7.0_r10android-cts-7.0_r1android-7.1.2_r9android-7.1.2_r8android-7.1.2_r6android-7.1.2_r5android-7.1.2_r4android-7.1.2_r39android-7.1.2_r38android-7.1.2_r37android-7.1.2_r36android-7.1.2_r33android-7.1.2_r32android-7.1.2_r30android-7.1.2_r3android-7.1.2_r29android-7.1.2_r28android-7.1.2_r27android-7.1.2_r25android-7.1.2_r24android-7.1.2_r23android-7.1.2_r2android-7.1.2_r19android-7.1.2_r18android-7.1.2_r17android-7.1.2_r16android-7.1.2_r15android-7.1.2_r14android-7.1.2_r13android-7.1.2_r12android-7.1.2_r11android-7.1.2_r10android-7.1.2_r1android-7.1.1_r9android-7.1.1_r8android-7.1.1_r7android-7.1.1_r61android-7.1.1_r60android-7.1.1_r6android-7.1.1_r59android-7.1.1_r58android-7.1.1_r57android-7.1.1_r56android-7.1.1_r55android-7.1.1_r54android-7.1.1_r53android-7.1.1_r52android-7.1.1_r51android-7.1.1_r50android-7.1.1_r49android-7.1.1_r48android-7.1.1_r47android-7.1.1_r46android-7.1.1_r45android-7.1.1_r44android-7.1.1_r43android-7.1.1_r42android-7.1.1_r41android-7.1.1_r40android-7.1.1_r4android-7.1.1_r39android-7.1.1_r38android-7.1.1_r35android-7.1.1_r33android-7.1.1_r32android-7.1.1_r31android-7.1.1_r3android-7.1.1_r28android-7.1.1_r27android-7.1.1_r26android-7.1.1_r25android-7.1.1_r24android-7.1.1_r23android-7.1.1_r22android-7.1.1_r21android-7.1.1_r20android-7.1.1_r2android-7.1.1_r17android-7.1.1_r16android-7.1.1_r15android-7.1.1_r14android-7.1.1_r13android-7.1.1_r12android-7.1.1_r11android-7.1.1_r10android-7.1.1_r1android-7.1.0_r7android-7.1.0_r6android-7.1.0_r5android-7.1.0_r4android-7.1.0_r3android-7.1.0_r2android-7.1.0_r1android-7.0.0_r9android-7.0.0_r8android-7.0.0_r7android-7.0.0_r6android-7.0.0_r5android-7.0.0_r4android-7.0.0_r36android-7.0.0_r35android-7.0.0_r34android-7.0.0_r33android-7.0.0_r32android-7.0.0_r31android-7.0.0_r30android-7.0.0_r3android-7.0.0_r29android-7.0.0_r28android-7.0.0_r27android-7.0.0_r24android-7.0.0_r21android-7.0.0_r19android-7.0.0_r17android-7.0.0_r15android-7.0.0_r14android-7.0.0_r13android-7.0.0_r12android-7.0.0_r11android-7.0.0_r10android-7.0.0_r1nougat-releasenougat-mr2.3-releasenougat-mr2.2-releasenougat-mr2.1-releasenougat-mr2-security-releasenougat-mr2-releasenougat-mr2-pixel-releasenougat-mr2-devnougat-mr1.8-releasenougat-mr1.7-releasenougat-mr1.6-releasenougat-mr1.5-releasenougat-mr1.4-releasenougat-mr1.3-releasenougat-mr1.2-releasenougat-mr1.1-releasenougat-mr1-volantis-releasenougat-mr1-security-releasenougat-mr1-releasenougat-mr1-flounder-releasenougat-mr1-devnougat-mr1-cts-releasenougat-mr0.5-releasenougat-dr1-releasenougat-devnougat-cts-releasenougat-bugfix-releasebrillo-m9-releasebrillo-m9-devbrillo-m8-releasebrillo-m8-devbrillo-m7-releasebrillo-m7-mr-devbrillo-m7-devbrillo-m10-releasebrillo-m10-dev

When the device used to back a path is found in /sys/block, rootdev will
double check that /dev/block/<device name> exists and that the dev_t
matches the one in /sys/block/.
On Android, the manufacturer can add an SELinux context for that device
node which will prevent core daemons from accessing it, failing the call
to rootdev.

To avoid this, rootdev should return the device node path without trying
to access it.

This CL also enable building with Clang to ensure we use the strictest
compiler possible.

BUG: 24143423
BUG: 24267261
TEST: metricsd starts and find the main disk without any SELinux denial.
TEST: builds with clang and -Werror.

Change-Id: Icfe64695c28277d4c8eb9c89de1e13a767a703b8

3 files changed, 13 insertions, 16 deletions

diff --git a/Android.mk b/Android.mk
index 613fa85..6878e8a 100644
--- a/Android.mk
+++ b/Android.mk
@@ -23,6 +23,7 @@ rootdev_CFLAGS := -Wall -Werror -Wno-sign-compare
 include $(CLEAR_VARS)
 LOCAL_MODULE := librootdev
 LOCAL_CFLAGS += $(rootdev_CFLAGS)
+LOCAL_CLANG := true
 LOCAL_CPPFLAGS += $(rootdev_CPPFLAGS)
 LOCAL_SRC_FILES := rootdev.c
 LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)
@@ -32,6 +33,7 @@ include $(BUILD_SHARED_LIBRARY)
 include $(CLEAR_VARS)
 LOCAL_MODULE := rootdev
 LOCAL_CFLAGS += $(rootdev_CFLAGS)
+LOCAL_CLANG := true
 LOCAL_CPPFLAGS += $(rootdev_CPPFLAGS)
 LOCAL_SHARED_LIBRARIES := librootdev
 LOCAL_SRC_FILES := main.c
diff --git a/rootdev.c b/rootdev.c
index f0de1ff..e4c6d55 100644
--- a/rootdev.c
+++ b/rootdev.c
@@ -343,9 +343,8 @@ int rootdev_create_devices(const char *name, dev_t dev, bool symlink) {
 }
 
 int rootdev_get_path(char *path, size_t size, const char *device,
-                     dev_t dev, const char *dev_path) {
+                     const char *dev_path) {
   int path_len;
-  struct stat dev_statbuf;
 
   if (!dev_path)
     dev_path = kDefaultDevPath;
@@ -357,11 +356,10 @@ int rootdev_get_path(char *path, size_t size, const char *device,
   if (path_len != strlen(dev_path) + 1 + strlen(device))
     return -1;
 
-  if (stat(path, &dev_statbuf) != 0)
-    return 1;
-
-  if (dev && dev != dev_statbuf.st_rdev)
-    return 2;
+  // TODO(bsimonnet): We should check that |path| exists and is the right
+  // device. We don't do this currently as OEMs can add custom SELinux rules
+  // which may prevent us from accessing this.
+  // See b/24267261.
 
   return 0;
 }
@@ -397,7 +395,7 @@ int rootdev_wrapper(char *path, size_t size,
     rootdev_strip_partition(devname, size);
   }
 
-  res = rootdev_get_path(path, size, devname, *dev, dev_path);
+  res = rootdev_get_path(path, size, devname, dev_path);
 
   return res;
 }
diff --git a/rootdev.h b/rootdev.h
index 74a48da..aacfaf0 100644
--- a/rootdev.h
+++ b/rootdev.h
@@ -71,7 +71,6 @@ void rootdev_get_device_slave(char *slave, size_t size, dev_t *dev,
  * @path: char array to store the path
  * @size: size of @devpath
  * @device: name of the device
- * @dev: optional expected dev_t of the node.
  * @dev_path: path to dev tree. NULL for default (/dev)
  *
  * A @dev of 0 is ignored.
@@ -79,16 +78,14 @@ void rootdev_get_device_slave(char *slave, size_t size, dev_t *dev,
  * @path is populated for all return codes.
  * Returns 0 on success and non-zero on error:
  * -1 on unexpected errors (@path may be invalid)
- *  1 on no existing @path
- *  2 @path exists but the dev_t value is mismatched.
  *
  * Nb, this function does NOT search /dev for a match.  It performs a normal
- *     string concatenation and probes for the existence.  If udev has moved,
- *     or otherwise renamed, the device, a positive value is returned.
- *     The caller may then use the dev_t and @path to create the node with
- *     mknod(2).
+ *     string concatenation.
+ *     We can't check if the device actually exists as vendors may create an
+ *     SELinux context we don't know about for it (in which case, this function
+ *     would always fail).
  */
-int rootdev_get_path(char *path, size_t size, const char *device, dev_t dev,
+int rootdev_get_path(char *path, size_t size, const char *device,
                      const char *dev_path);
 
 const char *rootdev_get_partition(const char *dst, size_t len);