summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNick Kralevich <nnk@google.com>2013-03-29 16:24:05 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2013-03-29 16:24:06 +0000
commit191fe44c972e7f45f4bac1cee27522ae244da498 (patch)
tree1e2deefbdcbd1ba18dae0d14f6a3270c4e4cda04
parentc8df252fa16d328be197ecc5280a2f8c2aacb5ad (diff)
parentb0f1540f2a1959120d1b083fa14d65f5c45335f8 (diff)
downloadsystem_core-191fe44c972e7f45f4bac1cee27522ae244da498.zip
system_core-191fe44c972e7f45f4bac1cee27522ae244da498.tar.gz
system_core-191fe44c972e7f45f4bac1cee27522ae244da498.tar.bz2
Merge "run-as: Don't require CAP_DAC_READ_SEARCH"
-rw-r--r--run-as/package.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/run-as/package.c b/run-as/package.c
index dce132e..27fc1eb 100644
--- a/run-as/package.c
+++ b/run-as/package.c
@@ -80,13 +80,30 @@ map_file(const char* filename, size_t* filesize)
struct stat st;
size_t length = 0;
void* address = NULL;
+ gid_t oldegid;
*filesize = 0;
+ /*
+ * Temporarily switch effective GID to allow us to read
+ * the packages file
+ */
+
+ oldegid = getegid();
+ if (setegid(AID_SYSTEM) < 0) {
+ return NULL;
+ }
+
/* open the file for reading */
fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
- if (fd < 0)
+ if (fd < 0) {
return NULL;
+ }
+
+ /* restore back to our old egid */
+ if (setegid(oldegid) < 0) {
+ goto EXIT;
+ }
/* get its size */
ret = TEMP_FAILURE_RETRY(fstat(fd, &st));