Merge "libprocessgroup: Remove unnecessary permissions change in uid/pid hierarchy"

commit: 86e0c6f409902ea55e288fab4ae08ee3075befe0 [log] [tgz]
author: Suren Baghdasaryan <surenb@google.com> Wed Jul 07 23:09:48 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Jul 07 23:09:48 2021 +0000
tree: b48f09a1d3cc7badb376efbabe9ee4107ec9a69f
parent: ccea7dfae7472af7500ac8a623256b22a33fc79f [diff]
parent: 29c9e26776a3d6ef51a86799620f3d5ea38b6846 [diff]
diff --git a/init/devices.cpp b/init/devices.cpp
index ce6298a..56c6623 100644
--- a/init/devices.cpp
+++ b/init/devices.cpp

@@ -264,6 +264,8 @@
         setfscreatecon(secontext.c_str());
     }
 
+    gid_t new_group = -1;
+
     dev_t dev = makedev(major, minor);
     /* Temporarily change egid to avoid race condition setting the gid of the
      * device node. Unforunately changing the euid would prevent creation of
@@ -291,10 +293,21 @@
             PLOG(ERROR) << "Cannot set '" << secontext << "' SELinux label on '" << path
                         << "' device";
         }
+
+        struct stat s;
+        if (stat(path.c_str(), &s) == 0) {
+            if (gid != s.st_gid) {
+                new_group = gid;
+            }
+        } else {
+            PLOG(ERROR) << "Cannot stat " << path;
+        }
     }
 
 out:
-    chown(path.c_str(), uid, -1);
+    if (chown(path.c_str(), uid, new_group) < 0) {
+        PLOG(ERROR) << "Cannot chown " << path << " " << uid << " " << new_group;
+    }
     if (setegid(AID_ROOT)) {
         PLOG(FATAL) << "setegid(AID_ROOT) failed";
     }
commit	86e0c6f409902ea55e288fab4ae08ee3075befe0	[log] [tgz]
author	Suren Baghdasaryan <surenb@google.com>	Wed Jul 07 23:09:48 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Jul 07 23:09:48 2021 +0000
tree	b48f09a1d3cc7badb376efbabe9ee4107ec9a69f
parent	ccea7dfae7472af7500ac8a623256b22a33fc79f [diff]
parent	29c9e26776a3d6ef51a86799620f3d5ea38b6846 [diff]