Merge "Set groups before dropping privileges." into nyc-dev
am: fd1eee58f9
* commit 'fd1eee58f985b3d528ca352ff278d7b200390ab2':
Set groups before dropping privileges.
Change-Id: I85c98abb0e7cc3b36ec714899540d65e6ca908c7
diff --git a/debuggerd/debuggerd.cpp b/debuggerd/debuggerd.cpp
index d2e6c29..4a1f4db 100644
--- a/debuggerd/debuggerd.cpp
+++ b/debuggerd/debuggerd.cpp
@@ -512,13 +512,21 @@
}
static bool drop_privileges() {
+ // AID_LOG: for reading the logs data associated with the crashing process.
+ // AID_READPROC: for reading /proc/<PID>/{comm,cmdline}.
+ gid_t groups[] = { AID_DEBUGGERD, AID_LOG, AID_READPROC };
+ if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) != 0) {
+ ALOGE("debuggerd: failed to setgroups: %s", strerror(errno));
+ return false;
+ }
+
if (setresgid(AID_DEBUGGERD, AID_DEBUGGERD, AID_DEBUGGERD) != 0) {
- ALOGE("debuggerd: failed to setresgid");
+ ALOGE("debuggerd: failed to setresgid: %s", strerror(errno));
return false;
}
if (setresuid(AID_DEBUGGERD, AID_DEBUGGERD, AID_DEBUGGERD) != 0) {
- ALOGE("debuggerd: failed to setresuid");
+ ALOGE("debuggerd: failed to setresuid: %s", strerror(errno));
return false;
}