diff options
| author | Narayan Kamath <narayan@google.com> | 2015-01-16 17:22:41 +0000 |
|---|---|---|
| committer | Narayan Kamath <narayan@google.com> | 2015-01-16 17:40:35 +0000 |
| commit | 23e68780be581a1bb05110f16ad56d1da2bed1e9 (patch) | |
| tree | a803c10ddeebdf3fdb4679811e83310ab9f6be67 /core/java | |
| parent | 706f6cf3839cc3e268e108a8e2e1ac0b2a2287a2 (diff) | |
| download | frameworks_base-23e68780be581a1bb05110f16ad56d1da2bed1e9.zip frameworks_base-23e68780be581a1bb05110f16ad56d1da2bed1e9.tar.gz frameworks_base-23e68780be581a1bb05110f16ad56d1da2bed1e9.tar.bz2 | |
Fix handling of wrapped processes [part 2]
Drop privileges only if we're root. Zygote.preloadClasses can
be called from a non-root uid / gid in the case of wrapped classes,
so we shouldn't die from the resulting EPERM.
Change-Id: Ie3fbe50a17ec49bcbcb875c3a2ee1e1a3a62e88d
Diffstat (limited to 'core/java')
| -rw-r--r-- | core/java/com/android/internal/os/ZygoteInit.java | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java index 0fa9a97..e6f3c0a 100644 --- a/core/java/com/android/internal/os/ZygoteInit.java +++ b/core/java/com/android/internal/os/ZygoteInit.java @@ -17,7 +17,6 @@ package com.android.internal.os; import static android.system.OsConstants.POLLIN; -import static android.system.OsConstants.POLLOUT; import static android.system.OsConstants.S_IRWXG; import static android.system.OsConstants.S_IRWXO; @@ -276,11 +275,22 @@ public class ZygoteInit { long startTime = SystemClock.uptimeMillis(); // Drop root perms while running static initializers. - try { - Os.setregid(ROOT_GID, UNPRIVILEGED_GID); - Os.setreuid(ROOT_UID, UNPRIVILEGED_UID); - } catch (ErrnoException ex) { - throw new RuntimeException("Failed to drop root", ex); + final int reuid = Os.getuid(); + final int regid = Os.getgid(); + + // We need to drop root perms only if we're already root. In the case of "wrapped" + // processes (see WrapperInit), this function is called from an unprivileged uid + // and gid. + boolean droppedPriviliges = false; + if (reuid == ROOT_UID && regid == ROOT_GID) { + try { + Os.setregid(ROOT_GID, UNPRIVILEGED_GID); + Os.setreuid(ROOT_UID, UNPRIVILEGED_UID); + } catch (ErrnoException ex) { + throw new RuntimeException("Failed to drop root", ex); + } + + droppedPriviliges = true; } // Alter the target heap utilization. With explicit GCs this @@ -335,12 +345,14 @@ public class ZygoteInit { // Fill in dex caches with classes, fields, and methods brought in by preloading. runtime.preloadDexCaches(); - // Bring back root. We'll need it later. - try { - Os.setreuid(ROOT_UID, ROOT_UID); - Os.setregid(ROOT_GID, ROOT_GID); - } catch (ErrnoException ex) { - throw new RuntimeException("Failed to restore root", ex); + // Bring back root. We'll need it later if we're in the zygote. + if (droppedPriviliges) { + try { + Os.setreuid(ROOT_UID, ROOT_UID); + Os.setregid(ROOT_GID, ROOT_GID); + } catch (ErrnoException ex) { + throw new RuntimeException("Failed to restore root", ex); + } } } } |