give zygote AID_READPROC

In zygote wrapping mode, ZygoteConnection does a check to see if the pid
reported by the wrapped process is either child process that was
forked, or a decendent of it. This requires read access to other
processes /proc files. Grant zygote AID_READPROC to allow this access.

Bug: 32610632
Test: manual inspection of /proc files to verify group.
Test: manual inspection of zygote's children to make sure they do not
      inherit AID_READPROC

Change-Id: I3619a9ae33c8077e068e8024f7c7d44cfca6fb76

1 files changed, 4 insertions, 0 deletions

diff --git a/rootdir/init.zygote32_64.rc b/rootdir/init.zygote32_64.rc
index 3bfa0af93..1bbb00778 100644
--- a/rootdir/init.zygote32_64.rc
+++ b/rootdir/init.zygote32_64.rc
@@ -1,6 +1,8 @@
 service zygote /system/bin/app_process32 -Xzygote /system/bin --zygote --start-system-server --socket-name=zygote
     class main
     priority -20
+    user root
+    group root readproc
     socket zygote stream 660 root system
     onrestart write /sys/android_power/request_state wake
     onrestart write /sys/power/state on
@@ -13,6 +15,8 @@ service zygote /system/bin/app_process32 -Xzygote /system/bin --zygote --start-s
 service zygote_secondary /system/bin/app_process64 -Xzygote /system/bin --zygote --socket-name=zygote_secondary
     class main
     priority -20
+    user root
+    group root readproc
     socket zygote_secondary stream 660 root system
     onrestart restart zygote
     writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks