diff options
author | Christopher Ferris <cferris@google.com> | 2016-05-05 11:13:50 -0700 |
---|---|---|
committer | Christopher Ferris <cferris@google.com> | 2016-05-05 15:47:16 -0700 |
commit | 8b474de4acd97f22dd0f8a63654749c372263b25 (patch) | |
tree | 2c9cd6eae3201d394de36729227f913509047c92 /debuggerd | |
parent | 830561bb2b34ca8c09be4860380e9032202c3112 (diff) | |
download | core-8b474de4acd97f22dd0f8a63654749c372263b25.tar.gz core-8b474de4acd97f22dd0f8a63654749c372263b25.tar.bz2 core-8b474de4acd97f22dd0f8a63654749c372263b25.zip |
Set groups before dropping privileges.
The code for dumping tombstones tries to read the log data. This was
silently failing after the change to drop root privileges. Fix this
by explicitly setting the groups allowed before dropping privileges.
Bug: 28590884
(cherry picked from commit edc23801091f1a909efe130e0dba8abab3329eb5)
Change-Id: I225365edccb11f8752027566fd42f3b10ce10260
Diffstat (limited to 'debuggerd')
-rw-r--r-- | debuggerd/debuggerd.cpp | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/debuggerd/debuggerd.cpp b/debuggerd/debuggerd.cpp index c1ea36835..d87594c20 100644 --- a/debuggerd/debuggerd.cpp +++ b/debuggerd/debuggerd.cpp @@ -511,13 +511,21 @@ static bool perform_dump(const debugger_request_t& request, int fd, int tombston } static bool drop_privileges() { + // AID_LOG: for reading the logs data associated with the crashing process. + // AID_READPROC: for reading /proc/<PID>/{comm,cmdline}. + gid_t groups[] = { AID_DEBUGGERD, AID_LOG, AID_READPROC }; + if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) != 0) { + ALOGE("debuggerd: failed to setgroups: %s", strerror(errno)); + return false; + } + if (setresgid(AID_DEBUGGERD, AID_DEBUGGERD, AID_DEBUGGERD) != 0) { - ALOGE("debuggerd: failed to setresgid"); + ALOGE("debuggerd: failed to setresgid: %s", strerror(errno)); return false; } if (setresuid(AID_DEBUGGERD, AID_DEBUGGERD, AID_DEBUGGERD) != 0) { - ALOGE("debuggerd: failed to setresuid"); + ALOGE("debuggerd: failed to setresuid: %s", strerror(errno)); return false; } |