Clean environment variables to account for sandbox work directory.
Unset HOME to prevent username leak.
Bug: 363037195
Change-Id: I7a8694f746d58de8f6e41adb6ad52abbaf955ef4
diff --git a/ui/build/config.go b/ui/build/config.go
index dfe0dfe..90b98f5 100644
--- a/ui/build/config.go
+++ b/ui/build/config.go
@@ -214,6 +214,10 @@
sandboxConfig: &SandboxConfig{},
ninjaWeightListSource: DEFAULT,
}
+ wd, err := os.Getwd()
+ if err != nil {
+ ctx.Fatalln("Failed to get working directory:", err)
+ }
// Skip soong tests by default on Linux
if runtime.GOOS == "linux" {
@@ -245,17 +249,13 @@
// Make sure OUT_DIR is set appropriately
if outDir, ok := ret.environ.Get("OUT_DIR"); ok {
- ret.environ.Set("OUT_DIR", filepath.Clean(outDir))
+ ret.environ.Set("OUT_DIR", ret.sandboxPath(wd, filepath.Clean(outDir)))
} else {
outDir := "out"
if baseDir, ok := ret.environ.Get("OUT_DIR_COMMON_BASE"); ok {
- if wd, err := os.Getwd(); err != nil {
- ctx.Fatalln("Failed to get working directory:", err)
- } else {
- outDir = filepath.Join(baseDir, filepath.Base(wd))
- }
+ outDir = filepath.Join(baseDir, filepath.Base(wd))
}
- ret.environ.Set("OUT_DIR", outDir)
+ ret.environ.Set("OUT_DIR", ret.sandboxPath(wd, outDir))
}
// loadEnvConfig needs to know what the OUT_DIR is, so it should
@@ -350,6 +350,9 @@
// Use config.useN2 instead.
"SOONG_USE_N2",
+
+ // Leaks usernames into environment.
+ "HOME",
)
if ret.UseGoma() || ret.ForceUseGoma() {
@@ -361,12 +364,12 @@
ret.environ.Set("PYTHONDONTWRITEBYTECODE", "1")
tmpDir := absPath(ctx, ret.TempDir())
- ret.environ.Set("TMPDIR", tmpDir)
+ ret.environ.Set("TMPDIR", ret.sandboxPath(wd, tmpDir))
// Always set ASAN_SYMBOLIZER_PATH so that ASAN-based tools can symbolize any crashes
symbolizerPath := filepath.Join("prebuilts/clang/host", ret.HostPrebuiltTag(),
"llvm-binutils-stable/llvm-symbolizer")
- ret.environ.Set("ASAN_SYMBOLIZER_PATH", absPath(ctx, symbolizerPath))
+ ret.environ.Set("ASAN_SYMBOLIZER_PATH", ret.sandboxPath(wd, absPath(ctx, symbolizerPath)))
// Precondition: the current directory is the top of the source tree
checkTopDir(ctx)
@@ -420,15 +423,18 @@
ret.configureLocale(ctx)
- newPath := []string{filepath.Join(absJavaHome, "bin")}
+ newPath := []string{ret.sandboxPath(wd, filepath.Join(absJavaHome, "bin"))}
if path, ok := ret.environ.Get("PATH"); ok && path != "" {
- newPath = append(newPath, path)
+ entries := strings.Split(path, string(filepath.ListSeparator))
+ for _, ent := range entries {
+ newPath = append(newPath, ret.sandboxPath(wd, ent))
+ }
}
ret.environ.Unset("OVERRIDE_ANDROID_JAVA_HOME")
- ret.environ.Set("JAVA_HOME", absJavaHome)
- ret.environ.Set("ANDROID_JAVA_HOME", javaHome)
- ret.environ.Set("ANDROID_JAVA8_HOME", java8Home)
+ ret.environ.Set("JAVA_HOME", ret.sandboxPath(wd, absJavaHome))
+ ret.environ.Set("ANDROID_JAVA_HOME", ret.sandboxPath(wd, javaHome))
+ ret.environ.Set("ANDROID_JAVA8_HOME", ret.sandboxPath(wd, java8Home))
ret.environ.Set("PATH", strings.Join(newPath, string(filepath.ListSeparator)))
// b/286885495, https://bugzilla.redhat.com/show_bug.cgi?id=2227130: some versions of Fedora include patches
@@ -444,7 +450,7 @@
ret.buildDateTime = strconv.FormatInt(time.Now().Unix(), 10)
}
- ret.environ.Set("BUILD_DATETIME_FILE", buildDateTimeFile)
+ ret.environ.Set("BUILD_DATETIME_FILE", ret.sandboxPath(wd, buildDateTimeFile))
if _, ok := ret.environ.Get("BUILD_USERNAME"); !ok {
username := "unknown"
@@ -455,6 +461,7 @@
}
ret.environ.Set("BUILD_USERNAME", username)
}
+ ret.environ.Set("PWD", ret.sandboxPath(wd, wd))
if ret.UseRBE() {
for k, v := range getRBEVars(ctx, Config{ret}) {
@@ -1296,6 +1303,19 @@
return err == nil
}
+func (c *configImpl) sandboxPath(base, in string) string {
+ if !c.UseABFS() {
+ return in
+ }
+
+ rel, err := filepath.Rel(base, in)
+ if err != nil {
+ return in
+ }
+
+ return filepath.Join(abfsSrcDir, rel)
+}
+
func (c *configImpl) UseRBE() bool {
// These alternate modes of running Soong do not use RBE / reclient.
if c.Queryview() || c.JsonModuleGraph() {
@@ -1716,6 +1736,11 @@
}
func (c *configImpl) SkipMetricsUpload() bool {
+ // b/362625275 - Metrics upload sometimes prevents abfs unmount
+ if c.UseABFS() {
+ return true
+ }
+
return c.skipMetricsUpload
}