Set groups before dropping privileges. (edc23801) · Commits · e / os / android_system_core

debuggerd/debuggerd.cpp

+10 −2

Original line number	Diff line number	Diff line
		@@ -513,13 +513,21 @@ static bool perform_dump(const debugger_request_t& request, int fd, int tombston
		}

		static bool drop_privileges() {
		// AID_LOG: for reading the logs data associated with the crashing process.
		// AID_READPROC: for reading /proc/<PID>/{comm,cmdline}.
		gid_t groups[] = { AID_DEBUGGERD, AID_LOG, AID_READPROC };
		if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) != 0) {
		ALOGE("debuggerd: failed to setgroups: %s", strerror(errno));
		return false;
		}

		if (setresgid(AID_DEBUGGERD, AID_DEBUGGERD, AID_DEBUGGERD) != 0) {
		ALOGE("debuggerd: failed to setresgid");
		ALOGE("debuggerd: failed to setresgid: %s", strerror(errno));
		return false;
		}

		if (setresuid(AID_DEBUGGERD, AID_DEBUGGERD, AID_DEBUGGERD) != 0) {
		ALOGE("debuggerd: failed to setresuid");
		ALOGE("debuggerd: failed to setresuid: %s", strerror(errno));
		return false;
		}