Loading adb/daemon/main.cpp +4 −5 Original line number Diff line number Diff line Loading @@ -28,8 +28,10 @@ #include <memory> #include <android-base/logging.h> #include <android-base/macros.h> #include <android-base/stringprintf.h> #include <libminijail.h> #include <scoped_minijail.h> #include "cutils/properties.h" #include "debuggerd/client.h" Loading Loading @@ -99,8 +101,7 @@ static bool should_drop_privileges() { } static void drop_privileges(int server_port) { std::unique_ptr<minijail, void (*)(minijail*)> jail(minijail_new(), &minijail_destroy); ScopedMinijail jail(minijail_new()); // Add extra groups: // AID_ADB to access the USB driver Loading @@ -116,9 +117,7 @@ static void drop_privileges(int server_port) { AID_INET, AID_NET_BT, AID_NET_BT_ADMIN, AID_SDCARD_R, AID_SDCARD_RW, AID_NET_BW_STATS, AID_READPROC}; minijail_set_supplementary_gids(jail.get(), sizeof(groups) / sizeof(groups[0]), groups); minijail_set_supplementary_gids(jail.get(), arraysize(groups), groups); // Don't listen on a port (default 5037) if running in secure mode. // Don't run as root if running in secure mode. Loading sdcard/sdcard.cpp +2 −1 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ #include <unistd.h> #include <android-base/logging.h> #include <android-base/macros.h> #include <cutils/fs.h> #include <cutils/hashmap.h> Loading Loading @@ -209,7 +210,7 @@ static int fuse_setup(struct fuse* fuse, gid_t gid, mode_t mask) { static void drop_privs(uid_t uid, gid_t gid) { ScopedMinijail j(minijail_new()); minijail_set_supplementary_gids(j.get(), sizeof(kGroups) / sizeof(kGroups[0]), kGroups); minijail_set_supplementary_gids(j.get(), arraysize(kGroups), kGroups); minijail_change_gid(j.get(), gid); minijail_change_uid(j.get(), uid); /* minijail_enter() will abort if priv-dropping fails. */ Loading Loading
adb/daemon/main.cpp +4 −5 Original line number Diff line number Diff line Loading @@ -28,8 +28,10 @@ #include <memory> #include <android-base/logging.h> #include <android-base/macros.h> #include <android-base/stringprintf.h> #include <libminijail.h> #include <scoped_minijail.h> #include "cutils/properties.h" #include "debuggerd/client.h" Loading Loading @@ -99,8 +101,7 @@ static bool should_drop_privileges() { } static void drop_privileges(int server_port) { std::unique_ptr<minijail, void (*)(minijail*)> jail(minijail_new(), &minijail_destroy); ScopedMinijail jail(minijail_new()); // Add extra groups: // AID_ADB to access the USB driver Loading @@ -116,9 +117,7 @@ static void drop_privileges(int server_port) { AID_INET, AID_NET_BT, AID_NET_BT_ADMIN, AID_SDCARD_R, AID_SDCARD_RW, AID_NET_BW_STATS, AID_READPROC}; minijail_set_supplementary_gids(jail.get(), sizeof(groups) / sizeof(groups[0]), groups); minijail_set_supplementary_gids(jail.get(), arraysize(groups), groups); // Don't listen on a port (default 5037) if running in secure mode. // Don't run as root if running in secure mode. Loading
sdcard/sdcard.cpp +2 −1 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ #include <unistd.h> #include <android-base/logging.h> #include <android-base/macros.h> #include <cutils/fs.h> #include <cutils/hashmap.h> Loading Loading @@ -209,7 +210,7 @@ static int fuse_setup(struct fuse* fuse, gid_t gid, mode_t mask) { static void drop_privs(uid_t uid, gid_t gid) { ScopedMinijail j(minijail_new()); minijail_set_supplementary_gids(j.get(), sizeof(kGroups) / sizeof(kGroups[0]), kGroups); minijail_set_supplementary_gids(j.get(), arraysize(kGroups), kGroups); minijail_change_gid(j.get(), gid); minijail_change_uid(j.get(), uid); /* minijail_enter() will abort if priv-dropping fails. */ Loading
