run-as: Don't require CAP_DAC_READ_SEARCH
This is a partial AOSP port of Google internal change
080427e4e2 .
Change-Id: I23a7edc808d227caf3862b035dc2ca39639d9d59
This commit is contained in:
Nick Kralevich
parent
c8df252fa1
commit
b0f1540f2a
1 changed files with 18 additions and 1 deletions
|
|
@ -80,13 +80,30 @@ map_file(const char* filename, size_t* filesize)
|
|||
struct stat st;
|
||||
size_t length = 0;
|
||||
void* address = NULL;
|
||||
gid_t oldegid;
|
||||
|
||||
*filesize = 0;
|
||||
|
||||
/*
|
||||
* Temporarily switch effective GID to allow us to read
|
||||
* the packages file
|
||||
*/
|
||||
|
||||
oldegid = getegid();
|
||||
if (setegid(AID_SYSTEM) < 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* open the file for reading */
|
||||
fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
|
||||
if (fd < 0)
|
||||
if (fd < 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* restore back to our old egid */
|
||||
if (setegid(oldegid) < 0) {
|
||||
goto EXIT;
|
||||
}
|
||||
|
||||
/* get its size */
|
||||
ret = TEMP_FAILURE_RETRY(fstat(fd, &st));
|
||||
|
|
|
|||
Loading…
Reference in a new issue