diff options
| author | Gilad Arnold <garnold@google.com> | 2015-09-01 08:19:02 -0700 |
|---|---|---|
| committer | Gilad Arnold <garnold@google.com> | 2015-09-01 09:38:24 -0700 |
| commit | aab9382297008c1d1b7cef361159a44885d52af0 (patch) | |
| tree | 0a5a172e84b8845a863d74058b6f3f64abef8734 /src/tlsdate-helper.c | |
| parent | 98fc05cbb94eed6925d76de5a75e993296252e7c (diff) | |
| download | tlsdate-aab9382297008c1d1b7cef361159a44885d52af0.tar.gz | |
Support for dropping privileges with supplementary groups.
On Android, we need support for supplementary groups when dropping
privileges in order to retain permissions for accessing system resources
such as the DBus socket. This CL:
1) Adds a flag -G to tlsdated for listing supplementary groups used when
dropping privileges.
2) Adds '-G dbus' to tlsdated Android init script.
Bug: 22373707
Bug: 23651876
Change-Id: I0769d5ef496d073c20016c3252c5edbfead2aaa5
Diffstat (limited to 'src/tlsdate-helper.c')
| -rw-r--r-- | src/tlsdate-helper.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c index 9322517..d923efd 100644 --- a/src/tlsdate-helper.c +++ b/src/tlsdate-helper.c @@ -1276,7 +1276,7 @@ main(int argc, char **argv) if (0 == setclock && 0 == timewarp) { verb ("V: attemping to drop administrator privileges"); - drop_privs_to (UNPRIV_USER, UNPRIV_GROUP); + drop_privs_to (UNPRIV_USER, UNPRIV_GROUP, NULL); } // We cast the mmap value to remove this error when compiling with g++: @@ -1337,7 +1337,7 @@ main(int argc, char **argv) die ("fork failed: %s", strerror (errno)); if (0 == ssl_child) { - drop_privs_to (UNPRIV_USER, UNPRIV_GROUP); + drop_privs_to (UNPRIV_USER, UNPRIV_GROUP, NULL); run_ssl (time_map, leap, http); (void) munmap (time_map, sizeof (uint32_t)); _exit (0); |