From c6d7e200eddd620d8ac55259ab3aa5f8bfa2aadb Mon Sep 17 00:00:00 2001 From: Benoit Goby Date: Fri, 22 Mar 2013 16:23:48 -0700 Subject: [PATCH] toolbox: Make reboot a separate command from toolbox Set the CAP_SYS_BOOT filesystem capability on the new reboot command and keep CAP_SYS_BOOT in adb bounding set so that the shell user can run it. Change-Id: I1dd6143445ee2a952254f0452ab6e544318431dd --- CleanSpec.mk | 1 + adb/adb.c | 3 ++- include/private/android_filesystem_config.h | 3 ++- reboot/Android.mk | 12 +++++++++++ {toolbox => reboot}/reboot.c | 22 ++++++++++++++++++--- toolbox/Android.mk | 1 - 6 files changed, 36 insertions(+), 6 deletions(-) create mode 100644 reboot/Android.mk rename {toolbox => reboot}/reboot.c (66%) diff --git a/CleanSpec.mk b/CleanSpec.mk index 8611d3bc2..74ec29d2d 100644 --- a/CleanSpec.mk +++ b/CleanSpec.mk @@ -50,3 +50,4 @@ $(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/init.rc) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/init.rc) +$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/bin/reboot) diff --git a/adb/adb.c b/adb/adb.c index d2a2d27eb..93a93343b 100644 --- a/adb/adb.c +++ b/adb/adb.c @@ -1195,8 +1195,9 @@ static void drop_capabilities_bounding_set_if_needed() { #endif int i; for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) { - if ((i == CAP_SETUID) || (i == CAP_SETGID)) { + if (i == CAP_SETUID || i == CAP_SETGID || i == CAP_SYS_BOOT) { // CAP_SETUID CAP_SETGID needed by /system/bin/run-as + // CAP_SYS_BOOT needed by /system/bin/reboot continue; } int err = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h index 540318fd5..850e0bd75 100644 --- a/include/private/android_filesystem_config.h +++ b/include/private/android_filesystem_config.h 
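Review bot: The added comment in the adb/adb.c hunk, `// CAP_SYS_BOOT needed by /system/bin/reboot`, understates what the new condition does. Skipping `PR_CAPBSET_DROP` for CAP_SYS_BOOT leaves it in the bounding set of every process adbd starts, so any file that carries that capability and that the shell user may execute can obtain it, not only reboot. I would spell that out, for example `// CAP_SYS_BOOT stays in the bounding set so the file capability on /system/bin/reboot applies; any other shell-executable file given this capability would gain it too`. As the exception list grows, a small `static` helper or a `switch` on `i` would read better than a chained `||`. The function starts above the hunk and continues below it.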
@@ -228,8 +228,9 @@ static const struct fs_path_config android_files[] = { { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/tcpdump" }, { 04770, AID_ROOT, AID_RADIO, 0, "system/bin/pppd-ril" }, - /* the following file has enhanced capabilities and IS included in user builds. */ + /* the following files have enhanced capabilities and ARE included in user builds. */ { 00750, AID_ROOT, AID_SHELL, (1 << CAP_SETUID) | (1 << CAP_SETGID), "system/bin/run-as" }, + { 00750, AID_ROOT, AID_SHELL, 1 << CAP_SYS_BOOT, "system/bin/reboot" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/*" }, { 00755, AID_ROOT, AID_ROOT, 0, "system/lib/valgrind/*" }, diff --git a/reboot/Android.mk b/reboot/Android.mk new file mode 100644 index 000000000..4db0c1e4d --- /dev/null +++ b/reboot/Android.mk @@ -0,0 +1,12 @@ +# Copyright 2013 The Android Open Source Project + +LOCAL_PATH:= $(call my-dir) +include $(CLEAR_VARS) + +LOCAL_SRC_FILES:= reboot.c + +LOCAL_SHARED_LIBRARIES:= libcutils + +LOCAL_MODULE:= reboot + +include $(BUILD_EXECUTABLE) diff --git a/toolbox/reboot.c b/reboot/reboot.c similarity index 66% rename from toolbox/reboot.c rename to reboot/reboot.c index f8546de2d..45d8a8ef5 100644 --- a/toolbox/reboot.c +++ b/reboot/reboot.c 
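Review bot: The new `system/bin/reboot` entry gives group shell execute access to a file with CAP_SYS_BOOT, and the table carries no comment saying what that capability covers or why 00750 root:shell was chosen. On Linux CAP_SYS_BOOT permits kexec_load(2) as well as reboot(2), so the binary's argument handling becomes the only limit on what the shell user reaches through it; a per-entry comment such as `/* reboot: CAP_SYS_BOOT only, root and group shell; keep above the system/bin/* wildcard */` would record that. The ordering remark assumes the table is matched first-hit, which this hunk does not show. The new entry also drops the parentheses that the run-as line puts around each shift; `(1 << CAP_SYS_BOOT)` would keep the two lines uniform. The array continues outside the hunk.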
@@ -1,10 +1,26 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + #include #include #include #include #include -int reboot_main(int argc, char *argv[]) +int main(int argc, char *argv[]) { int ret; int nosync = 0; @@ -16,11 +32,11 @@ int reboot_main(int argc, char *argv[]) int c; c = getopt(argc, argv, "np"); - + if (c == EOF) { break; } - + switch (c) { case 'n': nosync = 1; diff --git a/toolbox/Android.mk b/toolbox/Android.mk index 2ecb62644..677539ffd 100644 --- a/toolbox/Android.mk +++ b/toolbox/Android.mk @@ -16,7 +16,6 @@ TOOLS := \ rm \ mkdir \ rmdir \ - reboot \ getevent \ sendevent \ date \
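Review bot: `main` in reboot/reboot.c is now the entry point of a binary that this commit installs with the CAP_SYS_BOOT file capability, but the only comment the first hunk adds is the license header. A short comment above `main`, for example `/* Installed root:shell 00750 with CAP_SYS_BOOT (see android_filesystem_config.h); argv comes from the unprivileged shell user. */`, would mark argument handling here as a privilege boundary. The body of `main` runs past both hunks, so how the arguments left after `getopt` and the value stored in `ret` are handled cannot be checked from this page. The second hunk changes only whitespace.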