authorChristopher Ferris <cferris@google.com>2016-05-05 11:13:50 -0700
committerChristopher Ferris <cferris@google.com>2016-05-05 15:47:16 -0700
commit8b474de4acd97f22dd0f8a63654749c372263b25 (patch)
tree2c9cd6eae3201d394de36729227f913509047c92 /debuggerd
parent830561bb2b34ca8c09be4860380e9032202c3112 (diff)
Set groups before dropping privileges.
The code for dumping tombstones tries to read the log data. This was silently failing after the change to drop root privileges. Fix this by explicitly setting the groups allowed before dropping privileges. Bug: 28590884 (cherry picked from commit edc23801091f1a909efe130e0dba8abab3329eb5) Change-Id: I225365edccb11f8752027566fd42f3b10ce10260
Diffstat (limited to 'debuggerd')
-rw-r--r--debuggerd/debuggerd.cpp12
1 files changed, 10 insertions, 2 deletions
diff --git a/debuggerd/debuggerd.cpp b/debuggerd/debuggerd.cpp
index c1ea36835..d87594c20 100644
--- a/debuggerd/debuggerd.cpp
+++ b/debuggerd/debuggerd.cpp
@@ -511,13 +511,21 @@ static bool perform_dump(const debugger_request_t& request, int fd, int tombston
}
static bool drop_privileges() {
+ // AID_LOG: for reading the logs data associated with the crashing process.
+ // AID_READPROC: for reading /proc/<PID>/{comm,cmdline}.
+ gid_t groups[] = { AID_DEBUGGERD, AID_LOG, AID_READPROC };
+ if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) != 0) {
+ ALOGE("debuggerd: failed to setgroups: %s", strerror(errno));
+ return false;
+ }
+
if (setresgid(AID_DEBUGGERD, AID_DEBUGGERD, AID_DEBUGGERD) != 0) {
- ALOGE("debuggerd: failed to setresgid");
+ ALOGE("debuggerd: failed to setresgid: %s", strerror(errno));
return false;
}
if (setresuid(AID_DEBUGGERD, AID_DEBUGGERD, AID_DEBUGGERD) != 0) {
- ALOGE("debuggerd: failed to setresuid");
+ ALOGE("debuggerd: failed to setresuid: %s", strerror(errno));
return false;
}
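Review bot: The order of the three calls in drop_privileges() is load-bearing, but nothing in the new code says so. setgroups() and setresgid() presumably only succeed while the process still holds the privilege that the final setresuid() gives up, so a later reorder would make the group setup fail. I would add a comment above the setgroups() call such as `// Must run before setresuid(): group changes are no longer permitted once root is dropped.` The `groups[]` array is also the full set of extra read access the dumper keeps after the drop, so any future entry should carry the same one-line justification that AID_LOG and AID_READPROC have here. The function body continues past the end of the hunk, so it is not visible whether the resulting ids and groups are verified afterwards (for example with getresuid()/getgroups()) before returning success.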