sfos: Don't try to change owner group if it doesn't matter ; Fixes JB…

…#54265 OMP#JOLLA-147 Some apps have different group than the default which means the apps may try to change ownership of these secure directories. When combined with sandboxing this fchown call will fail as the app doesn't have write access to runtime directory. Since the mask is 0700 meaning that owning group doesn't matter we can avoid this call completely by checking whether the group needs to be changed. Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
sailfishos · May 25, 2021 · 579ded4 · 579ded4
1 parent 4e2f123
commit 579ded4
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c
@@ -326,9 +326,9 @@ int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid, bool upd
 #ifdef HAVE_FCHOWN
     if (uid == (uid_t) -1)
         uid = getuid();
-    if (gid == (gid_t) -1)
+    if ((gid == (gid_t) -1) && (m & 0070))
         gid = getgid();
-    if (((st.st_uid != uid) || (st.st_gid != gid)) && fchown(fd, uid, gid) < 0) {
+    if (((st.st_uid != uid) || ((gid != (gid_t) -1) && (st.st_gid != gid))) && fchown(fd, uid, gid) < 0) {
         pa_assert_se(pa_close(fd) >= 0);
         goto fail;
     }