
Commit 0a5d18b0 authored by Martijn Coenen's avatar Martijn Coenen Committed by Automerger Merge Worker

Merge "Drop supplementary groups for child zygotes." into rvc-dev am: 1a081317

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11691823

Change-Id: I9e779bbf8bcf842d07665748355a1e3ea8022081
parents 2acfeae2 1a081317
+10 −2
@@ -531,8 +531,16 @@ static void UnsetChldSignalHandler() {

// Calls POSIX setgroups() using the int[] object as an argument.
// A nullptr argument is tolerated.
static void SetGids(JNIEnv* env, jintArray managed_gids, fail_fn_t fail_fn) {
static void SetGids(JNIEnv* env, jintArray managed_gids, jboolean is_child_zygote,
                    fail_fn_t fail_fn) {
  if (managed_gids == nullptr) {
    if (is_child_zygote) {
      // For child zygotes like webview and app zygote, we want to clear out
      // any supplemental groups the parent zygote had.
      if (setgroups(0, NULL) == -1) {
        fail_fn(CREATE_ERROR("Failed to remove supplementary groups for child zygote"));
      }
    }
    return;
  }

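Review bot: The comment above SetGids still says only that a nullptr argument is tolerated, which no longer describes the new branch: with `managed_gids == nullptr` and `is_child_zygote` set the function now calls `setgroups(0, NULL)`, while for every other caller a nullptr still leaves the supplementary groups inherited from the parent zygote in place. Because that difference decides which group memberships a specialized process keeps, I would state it in the header comment, e.g. `// A nullptr argument clears all supplementary groups for child zygotes; otherwise the inherited groups are left unchanged.` The early `return` after the failure path also relies on fail_fn not returning (presumably it aborts; its definition is not in this hunk), since otherwise the child zygote would carry on with the parent's groups. As a minor style point, the new call passes `NULL` where the surrounding code uses `nullptr`. SetGids continues past the end of this hunk, so the non-null path is not reviewed here.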
@@ -1692,7 +1700,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
    }
  }

  SetGids(env, gids, fail_fn);
  SetGids(env, gids, is_child_zygote, fail_fn);
  SetRLimits(env, rlimits, fail_fn);

  if (need_pre_initialize_native_bridge) {