Make set_supplementary_gids abort on memory errors.

Consumers of this API usually cannot continue if this function fails,
since not adding supplementary groups would prevent the caller from
accessing resources. Simplify callers by aborting instead of returning
an error.

This will also prevent callers from forgetting to check the return
value of the function and not actually setting supplementary groups
when they expected to.

Once the callers are updated, we can change this function to return
void.

Bug: 26099611
Change-Id: Ib470e913d734ab4eac01b2aef3cdd4922d98e15a
diff --git a/libminijail.c b/libminijail.c
index a453aaa..c7b5738 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -203,13 +203,18 @@
 	if (j->flags.usergroups)
 		die("cannot inherit *and* set supplementary groups");
 
-	if (size == 0)
-		return -EINVAL;
+	if (size == 0) {
+		/* Clear supplementary groups. */
+		j->suppl_gid_list = NULL;
+		j->suppl_gid_count = 0;
+		j->flags.suppl_gids = 1;
+		return 0;
+	}
 
 	/* Copy the gid_t array. */
 	j->suppl_gid_list = calloc(size, sizeof(gid_t));
 	if (!j->suppl_gid_list) {
-		return -ENOMEM;
+		die("failed to allocate internal supplementary group array");
 	}
 	for (i = 0; i < size; i++) {
 		j->suppl_gid_list[i] = list[i];
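
Review bot: The new `size == 0` branch is a behaviour change that the commit message does not describe: a call that used to fail with `-EINVAL` now succeeds and sets `j->flags.suppl_gids = 1` with an empty list, so the jail is configured to clear supplementary groups. Please state this in the commit message and in the function's header comment, so that callers who pass an empty list by mistake know they now get no supplementary groups instead of an error. In the same branch, `j->suppl_gid_list = NULL;` overwrites the pointer without freeing it; if this function can be called more than once on the same jail, an array from an earlier call is leaked, so consider a `free(j->suppl_gid_list);` before the assignment (the `calloc` assignment below has the same shape). Separately, the copy loop reads `list[i]` without a NULL check on `list`; since the function now aborts on unusable input, a `die()` for `list == NULL` with a non-zero `size` would be consistent with the rest of the change.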