clatd: drop AID_INET and AID_VPN supplementary groups am: 7c87aaa50a am: 9c78a85b21 Original change: https://android-review.googlesource.com/c/platform/external/android-clat/+/1895706 Change-Id: Ib4b0b4405a51c1dfe5716aa5087569b9fa53877e

commit: 6f9bd72b5956d6bbf6e7a10f7fbffc3d4bd0096f [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Thu Nov 18 22:28:43 2021 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Nov 18 22:28:43 2021 +0000
tree: 68e3dececd525389b257abb9310662a6e68acb26
parent: 2c04e5fbc320a02eddc06420a114c81c50ba2cbc [diff]
parent: 9c78a85b2196e170d34071a469f1f07f86d39316 [diff]
diff --git a/clatd.c b/clatd.c
index 86850b0..bd2bf62 100644
--- a/clatd.c
+++ b/clatd.c

@@ -159,8 +159,8 @@
  * drops root privs but keeps the needed capabilities
  */
 void drop_root_but_keep_caps() {
-  gid_t groups[] = { AID_INET, AID_VPN };
-  if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) < 0) {
+  // see man setgroups: this drops all supplementary groups
+  if (setgroups(0, NULL) < 0) {
     logmsg(ANDROID_LOG_FATAL, "setgroups failed: %s", strerror(errno));
     exit(1);
   }
commit	6f9bd72b5956d6bbf6e7a10f7fbffc3d4bd0096f	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Thu Nov 18 22:28:43 2021 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Thu Nov 18 22:28:43 2021 +0000
tree	68e3dececd525389b257abb9310662a6e68acb26
parent	2c04e5fbc320a02eddc06420a114c81c50ba2cbc [diff]
parent	9c78a85b2196e170d34071a469f1f07f86d39316 [diff]