summaryrefslogtreecommitdiff
path: root/docs/html/sdk/api_diff/16/changes
diff options
context:
space:
mode:
authorMartijn Coenen <maco@google.com>2020-06-02 09:45:52 +0200
committerMartijn Coenen <maco@google.com>2020-06-02 16:43:41 +0000
commit7c8779c098930ea469f1bcdad8f0c7908c1255d1 (patch)
tree4478169cf3f3b4b270ac6422a3334e069c51aeeb /docs/html/sdk/api_diff/16/changes
parentff0af3d0c21b469aa06bc9bbf185244d4f0a22e8 (diff)
Drop supplementary groups for child zygotes.
Child zygotes like Webview zygote and App zygote are created with an empty supplementary group list; this was intended to drop all groups, but instead we don't call setgroups() at all, which means that these child zygotes are run with the same groups as the parent zygotes. Currently those groups are AID_READPROC and AID_RESERVED_DISK, and the child zygotes should need neither: AID_READPROC is only used for wrapping with the wrap.com.packagename sysprop, which doesn't really make sense for child zygotes. AID_RESERVED_DISK shouldn't be needed because child zygotes and their children are not critical, and therefore shouldn't be able to use reserved disk space. Remove the groups by explicitly call setgroups(0, NULL); for child zygotes. Bug: 156741968 Test: observe /proc/zygote_pid/status, notice groups are empty Test: atest CtsExternalServiceTestCases Change-Id: I4ee43a8bb9d86ff6f620437fb290481365a9e988
Diffstat (limited to 'docs/html/sdk/api_diff/16/changes')
0 files changed, 0 insertions, 0 deletions