fix(main/zig): disable certain syscalls usage (#17768)
Stop using the access, stat and lstat syscalls, because Android's seccomp filter blocks them: https://android.googlesource.com/platform/bionic/+/refs/heads/main/libc/SECCOMP_ALLOWLIST_APP.TXT https://android.googlesource.com/platform/bionic/+/refs/heads/main/libc/SECCOMP_ALLOWLIST_COMMON.TXT
parent
c2fbcf37f7
commit
7862988858
|
@ -4,6 +4,7 @@ TERMUX_PKG_LICENSE="MIT"
|
|||
TERMUX_PKG_LICENSE_FILE="zig/LICENSE"
|
||||
TERMUX_PKG_MAINTAINER="@termux"
|
||||
TERMUX_PKG_VERSION=0.11.0
|
||||
TERMUX_PKG_REVISION=1
|
||||
TERMUX_PKG_SRCURL=https://github.com/ziglang/zig-bootstrap/archive/${TERMUX_PKG_VERSION}.tar.gz
|
||||
TERMUX_PKG_SHA256=046cede54ae0627c6ac98a1b3915242b35bc550ac7aaec3ec4cef6904c95019e
|
||||
TERMUX_PKG_BUILD_IN_SRC=true
|
||||
|
@ -21,13 +22,6 @@ termux_step_make() {
|
|||
# which NDK cant be used anymore
|
||||
unset AS CC CFLAGS CPP CPPFLAGS CXX CXXFLAGS LD LDFLAGS
|
||||
|
||||
# zig 0.9.1 android triples never worked and uses musl
|
||||
export ZIG_TARGET_NAME="${TERMUX_ARCH}-linux-musl"
|
||||
case "${TERMUX_ARCH}" in
|
||||
arm) ZIG_TARGET_NAME="arm-linux-musleabihf" ;;
|
||||
i686) ZIG_TARGET_NAME="x86-linux-musl" ;;
|
||||
esac
|
||||
|
||||
# build.patch skipped various steps to make CI build <6 hours
|
||||
./build "${ZIG_TARGET_NAME}" baseline
|
||||
}
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
diff -uNr zig-bootstrap-0.11.0/zig/lib/libc/musl/src/stat/fstatat.c zig-bootstrap-0.11.0.mod/zig/lib/libc/musl/src/stat/fstatat.c
|
||||
--- zig-bootstrap-0.11.0/zig/lib/libc/musl/src/stat/fstatat.c 2023-08-11 09:21:14.000000000 +0800
|
||||
+++ zig-bootstrap-0.11.0.mod/zig/lib/libc/musl/src/stat/fstatat.c 2023-09-06 21:34:13.166214431 +0800
|
||||
@@ -7,6 +7,9 @@
|
||||
#include <sys/sysmacros.h>
|
||||
#include "syscall.h"
|
||||
|
||||
+#undef SYS_lstat
|
||||
+#undef SYS_stat
|
||||
+
|
||||
struct statx {
|
||||
uint32_t stx_mask;
|
||||
uint32_t stx_blksize;
|
|
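Review bot: The two `#undef` lines added after `#include "syscall.h"` carry no comment, so a maintainer rebasing this patch onto a newer musl will not see why stat and lstat are hidden; put something like `/* Android's seccomp filter rejects stat/lstat: force the fstatat path */` above them. The same gap exists at the architecture guards in the access.c and linux.zig patches. This `#undef` is also unconditional while the access change is limited to x86_64, and the commit message does not say whether the block is architecture-specific, so each condition should name the allowlist entry that motivates it. The code that consumes `SYS_stat`/`SYS_lstat` lies outside the hunk.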
@ -0,0 +1,12 @@
|
|||
diff -uNr zig-bootstrap-0.11.0/zig/lib/libc/musl/src/unistd/access.c zig-bootstrap-0.11.0.mod/zig/lib/libc/musl/src/unistd/access.c
|
||||
--- zig-bootstrap-0.11.0/zig/lib/libc/musl/src/unistd/access.c 2023-08-11 09:21:14.000000000 +0800
|
||||
+++ zig-bootstrap-0.11.0.mod/zig/lib/libc/musl/src/unistd/access.c 2023-09-06 11:41:47.373124956 +0800
|
||||
@@ -4,7 +4,7 @@
|
||||
|
||||
int access(const char *filename, int amode)
|
||||
{
|
||||
-#ifdef SYS_access
|
||||
+#if defined(SYS_access) && !defined(__x86_64__)
|
||||
return syscall(SYS_access, filename, amode);
|
||||
#else
|
||||
return syscall(SYS_faccessat, AT_FDCWD, filename, amode, 0);
|
|
@ -0,0 +1,12 @@
|
|||
diff -uNr zig-bootstrap-0.11.0/zig/lib/std/os/linux.zig zig-bootstrap-0.11.0.mod/zig/lib/std/os/linux.zig
|
||||
--- zig-bootstrap-0.11.0/zig/lib/std/os/linux.zig 2023-08-11 09:21:14.000000000 +0800
|
||||
+++ zig-bootstrap-0.11.0.mod/zig/lib/std/os/linux.zig 2023-09-05 10:51:44.683837753 +0800
|
||||
@@ -590,7 +590,7 @@
|
||||
}
|
||||
|
||||
pub fn access(path: [*:0]const u8, mode: u32) usize {
|
||||
- if (@hasField(SYS, "access")) {
|
||||
+ if (@hasField(SYS, "access") and (comptime builtin.cpu.arch != .x86_64)) {
|
||||
return syscall2(.access, @intFromPtr(path), mode);
|
||||
} else {
|
||||
return syscall4(.faccessat, @as(usize, @bitCast(@as(isize, AT.FDCWD))), @intFromPtr(path), mode, 0);
|
|
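Review bot: Only `access` is redirected in this patch, although the commit message lists stat and lstat as blocked too. If `std.os.linux` still has `stat`/`lstat` wrappers that issue those syscalls directly (not visible in this hunk), Zig code that bypasses libc would still hit the seccomp filter on x86_64. Either give those wrappers the same `builtin.cpu.arch != .x86_64` guard with a fallback to `fstatat`, or state in the patch header that they are left alone on purpose. The body of `access` continues past the end of the hunk.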
@ -10,6 +10,13 @@ termux_setup_zig() {
|
|||
fi
|
||||
local ZIG_PKG_VERSION=$(. "${TERMUX_SCRIPTDIR}/packages/zig/build.sh"; echo ${TERMUX_PKG_VERSION})
|
||||
|
||||
# zig 0.9.1 android triples never worked and uses musl
|
||||
export ZIG_TARGET_NAME="${TERMUX_ARCH}-linux-musl"
|
||||
case "${TERMUX_ARCH}" in
|
||||
arm) ZIG_TARGET_NAME="arm-linux-musleabihf" ;;
|
||||
i686) ZIG_TARGET_NAME="x86-linux-musl" ;;
|
||||
esac
|
||||
|
||||
if [[ "${TERMUX_ON_DEVICE_BUILD}" == "true" ]]; then
|
||||
if [[ "$(cat "${TERMUX_BUILT_PACKAGES_DIRECTORY}/zig" 2>/dev/null)" != "${ZIG_PKG_VERSION}" && -z "$(command -v zig)" ]]; then
|
||||
cat <<- EOL
|
||||
|
@ -31,6 +38,11 @@ termux_setup_zig() {
|
|||
mkdir -p "${ZIG_FOLDER}"
|
||||
termux_download "${ZIG_TXZ_URL}" "${ZIG_TXZ_FILE}" "${ZIG_TXZ_SHA256}"
|
||||
tar -xf "${ZIG_TXZ_FILE}" -C "${ZIG_FOLDER}" --strip-components=1
|
||||
|
||||
echo "termux_setup_zig: Applying patches from packages/zig"
|
||||
for p in "${TERMUX_SCRIPTDIR}"/packages/zig/zig-*.patch; do
|
||||
patch -d "${ZIG_FOLDER}" -p2 -i "${p}"
|
||||
done
|
||||
fi
|
||||
|
||||
export PATH="${ZIG_FOLDER}:${PATH}"
|
||||
|
|
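Review bot: The loop over `"${TERMUX_SCRIPTDIR}"/packages/zig/zig-*.patch` does not check the result of `patch`, and whether this script runs under `set -e` is not visible here. A patch that stops applying after a Zig version bump would leave a toolchain that still emits the syscalls the seccomp filter blocks, and the failure would only show up at run time on a device. Make the failure explicit, e.g. `patch -d "${ZIG_FOLDER}" -p2 -i "${p}" || termux_error_exit "termux_setup_zig: failed to apply ${p}"`. The loop also sits inside an `if` whose condition is above the hunk; if that condition only tests whether the folder already exists, a previously extracted, unpatched toolchain in the cache would be reused unpatched, so the cache location or key may need to change with this commit.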