From 751b7baf9499cf287eaaa58e0978e377fa651015 Mon Sep 17 00:00:00 2001
From: Zach Riggle <riggle@google.com>
Date: Thu, 11 Oct 2018 15:52:42 -0500
Subject: Android: Fix sandbox implementation

My test harness for this code performed some steps that are not
performed when syz-executor is invoked directy.

Specifcally, we need to operate from a directory under /data/data,
and have the correct UID/GID set as the owner of the directory.

My test harness now correctly sets these, all sandbox operations
succeed, and loop() is invoked.
---
 executor/common.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'executor/common.h')

diff --git a/executor/common.h b/executor/common.h
index f5f124fef..79dc5940b 100644
--- a/executor/common.h
+++ b/executor/common.h
@@ -151,14 +151,18 @@ static uint64 current_time_ms(void)
 }
 #endif
 
-#if SYZ_EXECUTOR || SYZ_USE_TMP_DIR
+#if SYZ_EXECUTOR || SYZ_SANDBOX_ANDROID_UNTRUSTED_APP || SYZ_USE_TMP_DIR
 #include <stdlib.h>
 #include <sys/stat.h>
 #include <unistd.h>
 
 static void use_temporary_dir(void)
 {
+#if SYZ_SANDBOX_ANDROID_UNTRUSTED_APP
+	char tmpdir_template[] = "/data/data/syzkaller/syzkaller.XXXXXX";
+#else
 	char tmpdir_template[] = "./syzkaller.XXXXXX";
+#endif
 	char* tmpdir = mkdtemp(tmpdir_template);
 	if (!tmpdir)
 		fail("failed to mkdtemp");
@@ -665,7 +669,7 @@ int main(void)
 	for (procid = 0; procid < [[PROCS]]; procid++) {
 		if (fork() == 0) {
 #endif
-#if SYZ_USE_TMP_DIR
+#if SYZ_USE_TMP_DIR || SYZ_SANDBOX_ANDROID_UNTRUSTED_APP
 			use_temporary_dir();
 #endif
 			[[SANDBOX_FUNC]]
-- 
cgit mrf-deployment