From c21169c59f5f7571ab38cc5a2c29ff3e69bee54d Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Wed, 2 Nov 2016 13:35:12 -0700 Subject: [PATCH] give zygote AID_READPROC In zygote wrapping mode, ZygoteConnection does a check to see if the pid reported by the wrapped process is either child process that was forked, or a decendent of it. This requires read access to other processes /proc files. Grant zygote AID_READPROC to allow this access. Bug: 32610632 Test: manual inspection of /proc files to verify group. Test: manual inspection of zygote's children to make sure they do not inherit AID_READPROC Change-Id: I3619a9ae33c8077e068e8024f7c7d44cfca6fb76
---
 rootdir/init.zygote32.rc | 2 ++ rootdir/init.zygote32_64.rc | 4 ++++ rootdir/init.zygote64.rc | 2 ++ rootdir/init.zygote64_32.rc | 4 ++++ 4 files changed, 12 insertions(+)
diff --git a/rootdir/init.zygote32.rc b/rootdir/init.zygote32.rc
index 807f9bcde..bfddcfa88 100644
--- a/rootdir/init.zygote32.rc
+++ b/rootdir/init.zygote32.rc
@@ -1,6 +1,8 @@
 service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
 class main
 priority -20
+ user root
+ group root readproc
 socket zygote stream 660 root system
 onrestart write /sys/android_power/request_state wake
 onrestart write /sys/power/state on
diff --git a/rootdir/init.zygote32_64.rc b/rootdir/init.zygote32_64.rc
index 3bfa0af93..1bbb00778 100644
--- a/rootdir/init.zygote32_64.rc
+++ b/rootdir/init.zygote32_64.rc
@@ -1,6 +1,8 @@
 service zygote /system/bin/app_process32 -Xzygote /system/bin --zygote --start-system-server --socket-name=zygote
 class main
 priority -20
+ user root
+ group root readproc
 socket zygote stream 660 root system
 onrestart write /sys/android_power/request_state wake
 onrestart write /sys/power/state on
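Review bot: The added `group root readproc` line has no comment recording why zygote holds this group, which matters because, per the commit message, zygote's children must not inherit it. In the first hunk of rootdir/init.zygote32.rc, and in the identical stanzas of the five other hunks (init.zygote32_64.rc, init.zygote64.rc, init.zygote64_32.rc), I would add `# readproc: ZygoteConnection wrap-mode pid check reads other processes' /proc files; children must not inherit it (Bug: 32610632)` above `user root`. Nothing in these hunks makes children drop the group, so that presumably depends on code outside this patch. The commit message lists only manual inspection, so an automated check that a forked child's supplementary groups exclude readproc would stop the guarantee from regressing silently.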
@@ -13,6 +15,8 @@ service zygote /system/bin/app_process32 -Xzygote /system/bin --zygote --start-s
 service zygote_secondary /system/bin/app_process64 -Xzygote /system/bin --zygote --socket-name=zygote_secondary
 class main
 priority -20
+ user root
+ group root readproc
 socket zygote_secondary stream 660 root system
 onrestart restart zygote
 writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
diff --git a/rootdir/init.zygote64.rc b/rootdir/init.zygote64.rc
index 13ffd7e9a..6742127e4 100644
--- a/rootdir/init.zygote64.rc
+++ b/rootdir/init.zygote64.rc
@@ -1,6 +1,8 @@
 service zygote /system/bin/app_process64 -Xzygote /system/bin --zygote --start-system-server
 class main
 priority -20
+ user root
+ group root readproc
 socket zygote stream 660 root system
 onrestart write /sys/android_power/request_state wake
 onrestart write /sys/power/state on
diff --git a/rootdir/init.zygote64_32.rc b/rootdir/init.zygote64_32.rc
index 56404902b..81a76094b 100644
--- a/rootdir/init.zygote64_32.rc
+++ b/rootdir/init.zygote64_32.rc
@@ -1,6 +1,8 @@
 service zygote /system/bin/app_process64 -Xzygote /system/bin --zygote --start-system-server --socket-name=zygote
 class main
 priority -20
+ user root
+ group root readproc
 socket zygote stream 660 root system
 onrestart write /sys/android_power/request_state wake
 onrestart write /sys/power/state on
@@ -13,6 +15,8 @@ service zygote /system/bin/app_process64 -Xzygote /system/bin --zygote --start-s
 service zygote_secondary /system/bin/app_process32 -Xzygote /system/bin --zygote --socket-name=zygote_secondary
 class main
 priority -20
+ user root
+ group root readproc
 socket zygote_secondary stream 660 root system
 onrestart restart zygote
 writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks