Allow read access to /proc entries for other UIDs
Allow dumpstate (aka adb bugreport), servicemanager, and
surfaceflinger to access /proc entries associated with other UIDs.
Bug: 23310674
Change-Id: I385dcf0db3376ba979409cbe6fe1a468d36237ef
diff --git a/cmds/dumpstate/dumpstate.c b/cmds/dumpstate/dumpstate.c
index 0a393fd..bbce3c2 100644
--- a/cmds/dumpstate/dumpstate.c
+++ b/cmds/dumpstate/dumpstate.c
@@ -694,7 +694,7 @@
/* switch to non-root user and group */
gid_t groups[] = { AID_LOG, AID_SDCARD_R, AID_SDCARD_RW,
- AID_MOUNT, AID_INET, AID_NET_BW_STATS };
+ AID_MOUNT, AID_INET, AID_NET_BW_STATS, AID_READPROC };
if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) != 0) {
ALOGE("Unable to setgroups, aborting: %s\n", strerror(errno));
return -1;
diff --git a/cmds/servicemanager/servicemanager.rc b/cmds/servicemanager/servicemanager.rc
index e73516d..b70fda7 100644
--- a/cmds/servicemanager/servicemanager.rc
+++ b/cmds/servicemanager/servicemanager.rc
@@ -1,7 +1,7 @@
service servicemanager /system/bin/servicemanager
class core
user system
- group system
+ group system readproc
critical
onrestart restart healthd
onrestart restart zygote
diff --git a/services/surfaceflinger/surfaceflinger.rc b/services/surfaceflinger/surfaceflinger.rc
index 59a43e2..eb9bd25 100644
--- a/services/surfaceflinger/surfaceflinger.rc
+++ b/services/surfaceflinger/surfaceflinger.rc
@@ -1,6 +1,6 @@
service surfaceflinger /system/bin/surfaceflinger
class core
user system
- group graphics drmrpc
+ group graphics drmrpc readproc
onrestart restart zygote
writepid /dev/cpuset/system-background/tasks