fix(main/zig): disable certain syscalls usage (#17768)

Remove syscalls access, stat and lstat as seccomp blocks them https://android.googlesource.com/platform/bionic/+/refs/heads/main/libc/SECCOMP_ALLOWLIST_APP.TXT https://android.googlesource.com/platform/bionic/+/refs/heads/main/libc/SECCOMP_ALLOWLIST_COMMON.TXT
2023-09-07 18:31:08 +08:00 · 2023-09-07 18:31:08 +08:00 · 7862988858
parent c2fbcf37f7
commit 7862988858
5 changed files with 50 additions and 7 deletions
--- a/packages/zig/build.sh
+++ b/packages/zig/build.sh
@ -4,6 +4,7 @@ TERMUX_PKG_LICENSE="MIT"
 TERMUX_PKG_LICENSE_FILE="zig/LICENSE"
 TERMUX_PKG_MAINTAINER="@termux"
 TERMUX_PKG_VERSION=0.11.0
+TERMUX_PKG_REVISION=1
 TERMUX_PKG_SRCURL=https://github.com/ziglang/zig-bootstrap/archive/${TERMUX_PKG_VERSION}.tar.gz
 TERMUX_PKG_SHA256=046cede54ae0627c6ac98a1b3915242b35bc550ac7aaec3ec4cef6904c95019e
 TERMUX_PKG_BUILD_IN_SRC=true
@ -21,13 +22,6 @@ termux_step_make() {
 	# which NDK cant be used anymore
 	unset AS CC CFLAGS CPP CPPFLAGS CXX CXXFLAGS LD LDFLAGS

-	# zig 0.9.1 android triples never worked and uses musl
-	export ZIG_TARGET_NAME="${TERMUX_ARCH}-linux-musl"
-	case "${TERMUX_ARCH}" in
-	arm) ZIG_TARGET_NAME="arm-linux-musleabihf" ;;
-	i686) ZIG_TARGET_NAME="x86-linux-musl" ;;
-	esac
-
 	# build.patch skipped various steps to make CI build <6 hours
 	./build "${ZIG_TARGET_NAME}" baseline
 }
--- a/packages/zig/zig-lib-libc-musl-src-stat-fstatat.c.patch
+++ b/packages/zig/zig-lib-libc-musl-src-stat-fstatat.c.patch
@ -0,0 +1,13 @@
+diff -uNr zig-bootstrap-0.11.0/zig/lib/libc/musl/src/stat/fstatat.c zig-bootstrap-0.11.0.mod/zig/lib/libc/musl/src/stat/fstatat.c
+--- zig-bootstrap-0.11.0/zig/lib/libc/musl/src/stat/fstatat.c	2023-08-11 09:21:14.000000000 +0800
+++ zig-bootstrap-0.11.0.mod/zig/lib/libc/musl/src/stat/fstatat.c	2023-09-06 21:34:13.166214431 +0800
+@@ -7,6 +7,9 @@
+ #include <sys/sysmacros.h>
+ #include "syscall.h"
+ 
+#undef SYS_lstat
+#undef SYS_stat
+
+ struct statx {
+ 	uint32_t stx_mask;
+ 	uint32_t stx_blksize;
--- a/packages/zig/zig-lib-libc-musl-src-unistd-access.c.patch
+++ b/packages/zig/zig-lib-libc-musl-src-unistd-access.c.patch
@ -0,0 +1,12 @@
+diff -uNr zig-bootstrap-0.11.0/zig/lib/libc/musl/src/unistd/access.c zig-bootstrap-0.11.0.mod/zig/lib/libc/musl/src/unistd/access.c
+--- zig-bootstrap-0.11.0/zig/lib/libc/musl/src/unistd/access.c	2023-08-11 09:21:14.000000000 +0800
+++ zig-bootstrap-0.11.0.mod/zig/lib/libc/musl/src/unistd/access.c	2023-09-06 11:41:47.373124956 +0800
+@@ -4,7 +4,7 @@
+ 
+ int access(const char *filename, int amode)
+ {
+-#ifdef SYS_access
+#if defined(SYS_access) && !defined(__x86_64__)
+ 	return syscall(SYS_access, filename, amode);
+ #else
+ 	return syscall(SYS_faccessat, AT_FDCWD, filename, amode, 0);
--- a/packages/zig/zig-lib-std-os-linux.zig.patch
+++ b/packages/zig/zig-lib-std-os-linux.zig.patch
@ -0,0 +1,12 @@
+diff -uNr zig-bootstrap-0.11.0/zig/lib/std/os/linux.zig zig-bootstrap-0.11.0.mod/zig/lib/std/os/linux.zig
+--- zig-bootstrap-0.11.0/zig/lib/std/os/linux.zig	2023-08-11 09:21:14.000000000 +0800
+++ zig-bootstrap-0.11.0.mod/zig/lib/std/os/linux.zig	2023-09-05 10:51:44.683837753 +0800
+@@ -590,7 +590,7 @@
+ }
+ 
+ pub fn access(path: [*:0]const u8, mode: u32) usize {
+-    if (@hasField(SYS, "access")) {
+    if (@hasField(SYS, "access") and (comptime builtin.cpu.arch != .x86_64)) {
+         return syscall2(.access, @intFromPtr(path), mode);
+     } else {
+         return syscall4(.faccessat, @as(usize, @bitCast(@as(isize, AT.FDCWD))), @intFromPtr(path), mode, 0);
--- a/scripts/build/setup/termux_setup_zig.sh
+++ b/scripts/build/setup/termux_setup_zig.sh
@ -10,6 +10,13 @@ termux_setup_zig() {
 	fi
 	local ZIG_PKG_VERSION=$(. "${TERMUX_SCRIPTDIR}/packages/zig/build.sh"; echo ${TERMUX_PKG_VERSION})

+	# zig 0.9.1 android triples never worked and uses musl
+	export ZIG_TARGET_NAME="${TERMUX_ARCH}-linux-musl"
+	case "${TERMUX_ARCH}" in
+	arm) ZIG_TARGET_NAME="arm-linux-musleabihf" ;;
+	i686) ZIG_TARGET_NAME="x86-linux-musl" ;;
+	esac
+
 	if [[ "${TERMUX_ON_DEVICE_BUILD}" == "true" ]]; then
 		if [[ "$(cat "${TERMUX_BUILT_PACKAGES_DIRECTORY}/zig" 2>/dev/null)" != "${ZIG_PKG_VERSION}" && -z "$(command -v zig)" ]]; then
 			cat <<- EOL
@ -31,6 +38,11 @@ termux_setup_zig() {
 		mkdir -p "${ZIG_FOLDER}"
 		termux_download "${ZIG_TXZ_URL}" "${ZIG_TXZ_FILE}" "${ZIG_TXZ_SHA256}"
 		tar -xf "${ZIG_TXZ_FILE}" -C "${ZIG_FOLDER}" --strip-components=1
+
+		echo "termux_setup_zig: Applying patches from packages/zig"
+		for p in "${TERMUX_SCRIPTDIR}"/packages/zig/zig-*.patch; do
+			patch -d "${ZIG_FOLDER}" -p2 -i "${p}"
+		done
 	fi

 	export PATH="${ZIG_FOLDER}:${PATH}"