give zygote AID_READPROC In zygote wrapping mode, ZygoteConnection does a check to see if the pid reported by the wrapped process is either child process that was forked, or a decendent of it. This requires read access to other processes /proc files. Grant zygote AID_READPROC to allow this access. Bug: 32610632 Test: manual inspection of /proc files to verify group. Test: manual inspection of zygote's children to make sure they do not inherit AID_READPROC Change-Id: I3619a9ae33c8077e068e8024f7c7d44cfca6fb76

commit: c21169c59f5f7571ab38cc5a2c29ff3e69bee54d [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Nov 02 13:35:12 2016 -0700
committer: Nick Kralevich <nnk@google.com> Wed Nov 02 13:48:32 2016 -0700
tree: 07f4ad9f5ce961de393def916d4aa80569aa5f27
parent: c54c533cf6c2951d77a2d725902963008008a129 [diff] [blame]
diff --git a/rootdir/init.zygote64.rc b/rootdir/init.zygote64.rc
index 13ffd7e..6742127 100644
--- a/rootdir/init.zygote64.rc
+++ b/rootdir/init.zygote64.rc

@@ -1,6 +1,8 @@
 service zygote /system/bin/app_process64 -Xzygote /system/bin --zygote --start-system-server
     class main
     priority -20
+    user root
+    group root readproc
     socket zygote stream 660 root system
     onrestart write /sys/android_power/request_state wake
     onrestart write /sys/power/state on
commit	c21169c59f5f7571ab38cc5a2c29ff3e69bee54d	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Nov 02 13:35:12 2016 -0700
committer	Nick Kralevich <nnk@google.com>	Wed Nov 02 13:48:32 2016 -0700
tree	07f4ad9f5ce961de393def916d4aa80569aa5f27
parent	c54c533cf6c2951d77a2d725902963008008a129 [diff] [blame]