clatd: drop AID_INET and AID_VPN supplementary groups am: 7c87aaa50a am: 9c78a85b21 am: 6f9bd72b59 Original change: https://android-review.googlesource.com/c/platform/external/android-clat/+/1895706 Change-Id: Ic34a3218ff695c46dce259505112c75700de5822

commit: 32e46aa7d9dc6e3f62a55476273f7f495210306f [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Thu Nov 18 22:52:28 2021 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Nov 18 22:52:28 2021 +0000
tree: 68e3dececd525389b257abb9310662a6e68acb26
parent: e3169fdbef92a7e595e53c7c0bad0d0c75ea65c5 [diff]
parent: 6f9bd72b5956d6bbf6e7a10f7fbffc3d4bd0096f [diff]
diff --git a/clatd.c b/clatd.c
index 86850b0..bd2bf62 100644
--- a/clatd.c
+++ b/clatd.c

@@ -159,8 +159,8 @@
  * drops root privs but keeps the needed capabilities
  */
 void drop_root_but_keep_caps() {
-  gid_t groups[] = { AID_INET, AID_VPN };
-  if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) < 0) {
+  // see man setgroups: this drops all supplementary groups
+  if (setgroups(0, NULL) < 0) {
     logmsg(ANDROID_LOG_FATAL, "setgroups failed: %s", strerror(errno));
     exit(1);
   }
commit	32e46aa7d9dc6e3f62a55476273f7f495210306f	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Thu Nov 18 22:52:28 2021 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Thu Nov 18 22:52:28 2021 +0000
tree	68e3dececd525389b257abb9310662a6e68acb26
parent	e3169fdbef92a7e595e53c7c0bad0d0c75ea65c5 [diff]
parent	6f9bd72b5956d6bbf6e7a10f7fbffc3d4bd0096f [diff]