diff options
| author | Martijn Coenen <maco@google.com> | 2020-06-02 09:45:52 +0200 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2020-06-11 07:25:48 +0000 |
| commit | b69366e16d874ab700c32e4695a8ae6199477d69 (patch) | |
| tree | c2e8f685504e52281c39455a1661f1302dcba2da | |
| parent | e7d357e89d57c6dabd6281bd95218f5677044dd6 (diff) | |
| download | base-b69366e16d874ab700c32e4695a8ae6199477d69.tar.gz | |
Drop supplementary groups for child zygotes.
Child zygotes like Webview zygote and App zygote are created with an
empty supplementary group list; this was intended to drop all groups,
but instead we don't call setgroups() at all, which means that these
child zygotes are run with the same groups as the parent zygotes.
Currently those groups are AID_READPROC and AID_RESERVED_DISK, and the
child zygotes should need neither: AID_READPROC is only used for
wrapping with the wrap.com.packagename sysprop, which doesn't really
make sense for child zygotes. AID_RESERVED_DISK shouldn't be needed
because child zygotes and their children are not critical, and therefore
shouldn't be able to use reserved disk space.
Remove the groups by explicitly call setgroups(0, NULL); for child
zygotes.
Bug: 156741968
Test: observe /proc/zygote_pid/status, notice groups are empty
Test: atest CtsExternalServiceTestCases
Change-Id: I4ee43a8bb9d86ff6f620437fb290481365a9e988
(cherry picked from commit 5a45262741f6410a61bec59a41b4229e349a00b7)
| -rw-r--r-- | core/jni/com_android_internal_os_Zygote.cpp | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index 82c27f02ba87..d03ef8a55719 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -429,8 +429,16 @@ static void UnsetChldSignalHandler() { // Calls POSIX setgroups() using the int[] object as an argument. // A nullptr argument is tolerated. -static void SetGids(JNIEnv* env, jintArray managed_gids, fail_fn_t fail_fn) { +static void SetGids(JNIEnv* env, jintArray managed_gids, jboolean is_child_zygote, + fail_fn_t fail_fn) { if (managed_gids == nullptr) { + if (is_child_zygote) { + // For child zygotes like webview and app zygote, we want to clear out + // any supplemental groups the parent zygote had. + if (setgroups(0, NULL) == -1) { + fail_fn(CREATE_ERROR("Failed to remove supplementary groups for child zygote")); + } + } return; } @@ -1015,7 +1023,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids, } } - SetGids(env, gids, fail_fn); + SetGids(env, gids, is_child_zygote, fail_fn); SetRLimits(env, rlimits, fail_fn); if (use_native_bridge) { |