Chromium Code Reviews
Unified Diff: documentation/filesystem_access.txt

Issue 1690983004: Extended restricted filesystem to support relative paths. (Closed) Base URL: https://chromium.googlesource.com/native_client/src/native_client.git@master
Patch Set: Using strcat instead of memcpy Created 4 years, 10 months ago
Index: documentation/filesystem_access.txt
diff --git a/documentation/filesystem_access.txt b/documentation/filesystem_access.txt
index b7016de87c8c73dcaf0091c99b98bfb78d499a4b..972eb72f45331eeec01ddc4fa220ca5a8a96c23e 100644
--- a/documentation/filesystem_access.txt
+++ b/documentation/filesystem_access.txt
@@ -16,7 +16,6 @@ be guaranteed by the caller:
* The mounted directory is assumed to not include any symlinks.
These constraints will be enforced by sel_ldr:
- * Pathnames must be absolute. Relative pathnames are explicitly disallowed.
* Pathnames may not include the substring "..".
* Access to filesystem within sel_ldr will behave as if as if the mounted
directory is root.
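Review bot: removing the "Pathnames must be absolute" bullet leaves the "enforced by sel_ldr" list without any statement of what replaces it, even though the new text further down makes relative paths depend on the cwd being inside the mounted directory. Add a bullet here that states the new constraint explicitly, e.g. " * Relative pathnames are resolved against a cwd that must lie within the mounted directory.", so a reader of this section alone sees the full set of enforced rules. While touching this list, the unchanged context line "will behave as if as if the mounted" has a doubled "as if" that could be fixed in the same change.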
@@ -38,7 +37,8 @@ All of the given requirements can be satisfied by this `chroot`-style
interface:
* The only overhead for file I/O is in adding (and sanitizing) a path prefix
- to absolute paths passed through to the host.
+ to absolute paths passed through to the host, or the cwd to relative paths
+ passed through to the host.
* Read-only or read/write access can be controlled using normal filesystem
permissions for the user running the `sel_ldr` process.
* Using host-side filesystem primitives such as Linux bind mounts, users can
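Review bot: the added phrase "or the cwd to relative paths passed through to the host" is ambiguous about which cwd is meant; since the earlier section says access behaves as if the mounted directory is root, this must be sel_ldr's tracked cwd inside the mount, not the host process's working directory. Say so, and make clear that the "(and sanitizing)" part applies to the combined cwd+relative path as well, for example: "or, for relative paths, the sandbox cwd (itself inside the mounted directory) before the same sanitization is applied."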
@@ -71,6 +71,8 @@ Given that strategy, the following syscall changes were straightforward:
Path sanitization happens through a three stage process:
1) Ensure the user's path is absolute.
+ If the user's path is relative, transform it to be absolute by prepending
+ the cwd. This requires that the cwd is within the mounted directory.
2) Prefix the path to the mounted directory.
3) Ensure that the path does not contain "..".
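Review bot: the new sub-step says "This requires that the cwd is within the mounted directory" but does not say where that requirement is enforced or what happens when it does not hold. Document whether the check is made when the cwd is set (so a cwd outside the mount can never be established) or on every path resolution, and what the caller observes on failure (which error is returned). It would also help to note that the ".." check in step 3 runs on the combined cwd+relative path, so a relative path that climbs out of the mount via ".." is rejected by the existing rule rather than needing a separate check.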
