Check that dir name is a pid before attempting to read
Prevents selinux denials for folders in /proc that do not have the
default /proc label.
Bug: 68146208
Test: no selinux denials for vold attempting to read proc_asound dir.
Change-Id: I7cdd3bbe8e687e078372012773e9a34a5c76e0f8
diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index c1d51d9..f367c2a 100644
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -34,9 +34,11 @@
#include <linux/kdev_t.h>
#include <android-base/logging.h>
+#include <android-base/parseint.h>
#include <android-base/properties.h>
-#include <android-base/strings.h>
#include <android-base/stringprintf.h>
+#include <android-base/strings.h>
+
#include <cutils/fs.h>
#include <utils/Trace.h>
@@ -420,6 +422,10 @@
// Poke through all running PIDs look for apps running as UID
while ((de = readdir(dir))) {
+ pid_t pid;
+ if (de->d_type != DT_DIR) continue;
+ if (!android::base::ParseInt(de->d_name, &pid)) continue;
+
pidFd = -1;
nsFd = -1;
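Review bot: The two added `continue` filters at the top of the `while ((de = readdir(dir)))` loop have no comment saying why non-PID entries are skipped, and that reason is security-relevant yet recorded only in the commit message. I would add above them `// Only numeric /proc/<pid> directories are inspected; other entries can carry a non-default SELinux label and reading them causes denials.` The parsed `pid` is not used in the visible lines, so it appears to serve only as a validity check. A short remark such as `// pid is only parsed to validate the name` would keep a later cleanup from dropping the `ParseInt` call as dead code. The loop body continues outside the hunk, so how the entry is opened afterwards cannot be confirmed from here.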