From 7c8779c098930ea469f1bcdad8f0c7908c1255d1 Mon Sep 17 00:00:00 2001
From: Martijn Coenen
Date: Tue, 2 Jun 2020 09:45:52 +0200
Subject: Drop supplementary groups for child zygotes.

Child zygotes like Webview zygote and App zygote are created with an empty supplementary group list; this was intended to drop all groups, but instead we don't call setgroups() at all, which means that these child zygotes are run with the same groups as the parent zygotes. Currently those groups are AID_READPROC and AID_RESERVED_DISK, and the child zygotes should need neither: AID_READPROC is only used for wrapping with the wrap.com.packagename sysprop, which doesn't really make sense for child zygotes. AID_RESERVED_DISK shouldn't be needed because child zygotes and their children are not critical, and therefore shouldn't be able to use reserved disk space.

Remove the groups by explicitly call setgroups(0, NULL); for child zygotes.

Bug: 156741968
Test: observe /proc/zygote_pid/status, notice groups are empty
Test: atest CtsExternalServiceTestCases
Change-Id: I4ee43a8bb9d86ff6f620437fb290481365a9e988
---
 core/jni/com_android_internal_os_Zygote.cpp | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index 82c27f02ba87..d03ef8a55719 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -429,8 +429,16 @@ static void UnsetChldSignalHandler() {
 // Calls POSIX setgroups() using the int[] object as an argument.
 // A nullptr argument is tolerated.
-static void SetGids(JNIEnv* env, jintArray managed_gids, fail_fn_t fail_fn) {
+static void SetGids(JNIEnv* env, jintArray managed_gids, jboolean is_child_zygote,
+                    fail_fn_t fail_fn) {
   if (managed_gids == nullptr) {
+    if (is_child_zygote) {
+      // For child zygotes like webview and app zygote, we want to clear out
+      // any supplemental groups the parent zygote had.
+      if (setgroups(0, NULL) == -1) {
+        fail_fn(CREATE_ERROR("Failed to remove supplementary groups for child zygote"));
+      }
+    }
     return;
   }
@@ -1015,7 +1023,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
     }
   }
-  SetGids(env, gids, fail_fn);
+  SetGids(env, gids, is_child_zygote, fail_fn);
   SetRLimits(env, rlimits, fail_fn);
   if (use_native_bridge) {
-- 
cgit v1.2.3-59-g8ed1b
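Review bot: The header comment `// A nullptr argument is tolerated.` kept above the new SetGids signature no longer describes the contract, since a nullptr now means "clear every supplementary group" whenever `is_child_zygote` is set and "leave the inherited groups alone" otherwise; suggest `// A nullptr argument is tolerated: for child zygotes it clears all supplementary groups, otherwise the inherited set is kept.` The failure message on the new `setgroups(0, NULL)` branch drops errno, so an EPERM (for example if this call were ever reordered after the uid switch or after CAP_SETGID is dropped in SpecializeCommon, which is outside this hunk) would be indistinguishable from any other failure; if other fail_fn messages in this file carry `strerror(errno)`, this one should too. A one-line comment noting that the call depends on still holding CAP_SETGID at this point would make that ordering dependency explicit for future maintainers. SetGids' non-nullptr path continues past the end of this hunk.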