clatd: drop AID_INET and AID_VPN supplementary groups am: 7c87aaa50a Original change: https://android-review.googlesource.com/c/platform/external/android-clat/+/1895706 Change-Id: I082a65bc9836f9ca186f538518387e5e9c00bc12

commit: 9c78a85b2196e170d34071a469f1f07f86d39316 [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Thu Nov 18 22:10:24 2021 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Nov 18 22:10:24 2021 +0000
tree: 68e3dececd525389b257abb9310662a6e68acb26
parent: 4544c87526dd35eb1e49159da82ca8182e3c6def [diff]
parent: 7c87aaa50a8c0068d91b8980ec3cab57916d5258 [diff]
diff --git a/clatd.c b/clatd.c
index 86850b0..bd2bf62 100644
--- a/clatd.c
+++ b/clatd.c

@@ -159,8 +159,8 @@
  * drops root privs but keeps the needed capabilities
  */
 void drop_root_but_keep_caps() {
-  gid_t groups[] = { AID_INET, AID_VPN };
-  if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) < 0) {
+  // see man setgroups: this drops all supplementary groups
+  if (setgroups(0, NULL) < 0) {
     logmsg(ANDROID_LOG_FATAL, "setgroups failed: %s", strerror(errno));
     exit(1);
   }
commit	9c78a85b2196e170d34071a469f1f07f86d39316	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Thu Nov 18 22:10:24 2021 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Thu Nov 18 22:10:24 2021 +0000
tree	68e3dececd525389b257abb9310662a6e68acb26
parent	4544c87526dd35eb1e49159da82ca8182e3c6def [diff]
parent	7c87aaa50a8c0068d91b8980ec3cab57916d5258 [diff]