syscall: don't use faccessat2 on android

The Android seccomp policy does not allow faccessat2, so attempting to use it results in a SIGSYS. Avoid it and go straight to the fallback. Fixes #57393. Change-Id: I8d4e12a6f46cea5642d3b5b5a02c682529882f29 Reviewed-on: https://go-review.googlesource.com/c/go/+/458495 Reviewed-by: Austin Clements <austin@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Changkun Ou <mail@changkun.de> Run-TryBot: Michael Pratt <mpratt@google.com>
2022-12-20 11:25:38 -05:00 · 2022-12-20 11:25:38 -05:00 · 58f6022eee
parent 78fc81070a
commit 58f6022eee
1 changed files with 12 additions and 2 deletions
--- a/src/syscall/syscall_linux.go
+++ b/src/syscall/syscall_linux.go
@ -13,6 +13,7 @@ package syscall

 import (
 	"internal/itoa"
+	"runtime"
 	"unsafe"
 )

@ -145,8 +146,17 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 		return faccessat(dirfd, path, mode)
 	}

-	if err := faccessat2(dirfd, path, mode, flags); err != ENOSYS && err != EPERM {
-		return err
+	// Attempt to use the newer faccessat2, which supports flags directly,
+	// falling back if it doesn't exist.
+	//
+	// Don't attempt on Android, which does not allow faccessat2 through
+	// its seccomp policy [1] on any version of Android as of 2022-12-20.
+	//
+	// [1] https://cs.android.com/android/platform/superproject/+/master:bionic/libc/SECCOMP_BLOCKLIST_APP.TXT;l=4;drc=dbb8670dfdcc677f7e3b9262e93800fa14c4e417
+	if runtime.GOOS != "android" {
+		if err := faccessat2(dirfd, path, mode, flags); err != ENOSYS && err != EPERM {
+			return err
+		}
 	}

 	// The Linux kernel faccessat system call does not take any flags.