Set supplementary groups for the crash-manager process

Change-Id: I8283c0ca4605d6e882836e4a02079c65dd1ad30c

diff --git a/src/crash-manager/main.c b/src/crash-manager/main.c
index ed7c9af..0b34d3b 100644 (file)
--- a/src/crash-manager/main.c
+++ b/src/crash-manager/main.c
@@ -1,4 +1,5 @@
 #include <getopt.h>
+#include <grp.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -170,6 +171,35 @@ exit:
        return res;
 }
 
+static bool set_groups(const char *user_name, const gid_t gid)
+{
+       int ngroup = 0;
+       errno = 0;
+       int ret = getgrouplist(user_name, gid, NULL, &ngroup);
+       if (ret != -1) {
+               _E("getgrouplist() unexpected return value: %d", ret);
+               return false;
+       } else if (errno != 0) {
+               _E("getgrouplist() unexcepted failure: %m");
+               return false;
+       }
+
+       gid_t groups[ngroup];
+       ret = getgrouplist(user_name, gid, groups, &ngroup);
+       if (ret == -1) {
+               _E("getgrouplist() error");
+               return false;
+       }
+
+       ret = setgroups(ngroup, groups);
+       if (ret != 0) {
+               _E("setgroups() error: %m\n");
+               return false;
+       }
+
+       return true;
+}
+
 static bool drop_privileges(const char *user_name)
 {
        struct passwd *user_info = getpwnam(user_name);
@@ -190,6 +220,9 @@ static bool drop_privileges(const char *user_name)
                return false;
        }
 
+       if (!set_groups(user_name, user_info->pw_gid))
+               return false;
+
        if (setuid(user_info->pw_uid) == -1) {
                _E("setuid() error: %m\n");
                return false;