Clean fix for the chown race condition on new input devices.
Drop init's egid to AID_INPUT while creating the device node, so that it is
created with the correct gid. This eliminates the
possibility of system_server opening the device node before its permissions
are set correctly.
Using setegid() allows us to swap back to AID_ROOT immediately after mknod().
Bug: 2375632
diff --git a/init/devices.c b/init/devices.c
index 55c5ee4..11328f6 100644
--- a/init/devices.c
+++ b/init/devices.c
@@ -306,8 +306,15 @@
mode = get_device_perm(path, &uid, &gid) | (block ? S_IFBLK : S_IFCHR);
dev = (major << 8) | minor;
+ /* Temporarily change egid to avoid race condition setting the gid of the
+ * device node. Unforunately changing the euid would prevent creation of
+ * some device nodes, so the uid has to be set with chown() and is still
+ * racy. Fixing the gid race at least fixed the issue with system_server
+ * opening dynamic input devices under the AID_INPUT gid. */
+ setegid(gid);
mknod(path, mode, dev);
- chown(path, uid, gid);
+ chown(path, uid, -1);
+ setegid(AID_ROOT);
}
#if LOG_UEVENTS
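Review bot: the return value of `setegid(gid)` is never checked, and because the `chown()` below it now passes `-1` for the gid, a failed `setegid()` leaves the node owned by init's current egid (AID_ROOT) with nothing correcting it, which is worse than the pre-patch `chown(path, uid, gid)` it replaces. Consider `if (setegid(gid) != 0) { chown(path, uid, gid); } else { chown(path, uid, -1); }` or at least logging the failure, and likewise check `setegid(AID_ROOT)` so init does not silently continue running with AID_INPUT as its egid. Note too that `mknod()` applies the process umask to `mode`, so the group bits from `get_device_perm()` only land on the node if init's umask allows them; the new comment should say so since the whole point of the change is that the permissions are right at creation time. Finally, "Unforunately" in the comment should read "Unfortunately".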