From 80960d2a9a6e15931d946cc826dcb3d5bf68ca4f Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Sat, 29 Oct 2016 12:20:00 -0700 Subject: [PATCH] init: Put init in group AID_READPROC bootcharts currently only show root's processes, which isn't very useful. To investigate and track boot duration issues, we need a way for init to see all the pids. Add init to GID 3009 (aka AID_READPROC) Ensure that init's children don't inherit this GID by always clearing supplementary group IDs on fork. Bug: 32506197 Test: Device boots and /proc/1/status says init is in gid 3009 Test: zygote starts and the Group: line in /proc/ZYGOTEPID/status is empty Change-Id: Iba90717aaa591f1d6030a379a272aee003600c0a Not-Tested: bootchart actually works. Speculative fix. --- init/init.cpp | 2 ++ init/service.cpp | 6 ++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/init/init.cpp b/init/init.cpp index 957527bd9..38cf45cc2 100644 --- a/init/init.cpp +++ b/init/init.cpp @@ -585,6 +585,8 @@ int main(int argc, char** argv) { mount("devpts", "/dev/pts", "devpts", 0, NULL); #define MAKE_STR(x) __STRING(x) mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC)); + gid_t groups[] = { AID_READPROC }; + setgroups(arraysize(groups), groups); mount("sysfs", "/sys", "sysfs", 0, NULL); mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL); mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)); diff --git a/init/service.cpp b/init/service.cpp index 6460e71e4..92f1615de 100644 --- a/init/service.cpp +++ b/init/service.cpp @@ -233,10 +233,8 @@ void Service::SetProcessAttributes() { PLOG(FATAL) << "setgid failed for " << name_; } } - if (!supp_gids_.empty()) { - if (setgroups(supp_gids_.size(), &supp_gids_[0]) != 0) { - PLOG(FATAL) << "setgroups failed for " << name_; - } + if (setgroups(supp_gids_.size(), &supp_gids_[0]) != 0) { + PLOG(FATAL) << "setgroups failed for " << name_; } if (uid_) { if (setuid(uid_) != 0) {