Use Minijail for privilege dropping.

Having so many copies of privilege-dropping code leads to errors.
De-duplicate this code and use Minijail for it.

Bug: 30156807

Change-Id: I36c85962b913a12efe5648a23cbacc5bcbb3853c

sdcard/Android.mk

@@ -5,7 +5,7 @@ include $(CLEAR_VARS)
 LOCAL_SRC_FILES := sdcard.cpp fuse.cpp
 LOCAL_MODULE := sdcard
 LOCAL_CFLAGS := -Wall -Wno-unused-parameter -Werror
-LOCAL_SHARED_LIBRARIES := libbase liblog libcutils libpackagelistparser
+LOCAL_SHARED_LIBRARIES := libbase liblog libcutils libminijail libpackagelistparser
 
 LOCAL_SANITIZE := integer
 LOCAL_CLANG := true

sdcard/sdcard.cpp

@@ -36,6 +36,9 @@
 #include <cutils/multiuser.h>
 #include <packagelistparser/packagelistparser.h>
 
+#include <libminijail.h>
+#include <scoped_minijail.h>
+
 #include <private/android_filesystem_config.h>
 
 // README
@@ -204,6 +207,15 @@ static int fuse_setup(struct fuse* fuse, gid_t gid, mode_t mask) {
     return 0;
 }
 
+static void drop_privs(uid_t uid, gid_t gid) {
+    ScopedMinijail j(minijail_new());
+    minijail_set_supplementary_gids(j.get(), sizeof(kGroups) / sizeof(kGroups[0]), kGroups);
+    minijail_change_gid(j.get(), gid);
+    minijail_change_uid(j.get(), uid);
+    /* minijail_enter() will abort if priv-dropping fails. */
+    minijail_enter(j.get());
+}
+
 static void* start_handler(void* data) {
     struct fuse_handler* handler = static_cast<fuse_handler*>(data);
     handle_fuse_requests(handler);
@@ -299,16 +311,8 @@ static void run(const char* source_path, const char* label, uid_t uid,
         }
     }
 
-    /* Drop privs. */
-    if (setgroups(sizeof(kGroups) / sizeof(kGroups[0]), kGroups) < 0) {
-        PLOG(FATAL) << "cannot setgroups";
-    }
-    if (setgid(gid) < 0) {
-        PLOG(FATAL) << "cannot setgid";
-    }
-    if (setuid(uid) < 0) {
-        PLOG(FATAL) << "cannot setuid";
-    }
+    // Will abort if priv-dropping fails.
+    drop_privs(uid, gid);
 
     if (multi_user) {
         fs_prepare_dir(global.obb_path, 0775, uid, gid);