toolbox: Make reboot a separate command from toolbox

Set the CAP_SYS_BOOT filesystem capability on the new reboot command and keep CAP_SYS_BOOT in adb bounding set so that the shell user can run it. Change-Id: I1dd6143445ee2a952254f0452ab6e544318431dd
2013-03-22 16:23:48 -07:00 · 2013-03-22 16:23:48 -07:00 · c6d7e200ed
commit c6d7e200ed
parent 82075a4044
6 changed files with 36 additions and 6 deletions
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@ -50,3 +50,4 @@
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/init.rc)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/init.rc)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/bin/reboot)
--- a/adb/adb.c
+++ b/adb/adb.c
@ -1195,8 +1195,9 @@ static void drop_capabilities_bounding_set_if_needed() {
 #endif
    int i;
    for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
-        if ((i == CAP_SETUID) || (i == CAP_SETGID)) {
+        if (i == CAP_SETUID || i == CAP_SETGID || i == CAP_SYS_BOOT) {
            // CAP_SETUID CAP_SETGID needed by /system/bin/run-as
            // CAP_SYS_BOOT          needed by /system/bin/reboot
            continue;
        }
        int err = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
--- a/include/private/android_filesystem_config.h
+++ b/include/private/android_filesystem_config.h
@ -228,8 +228,9 @@ static const struct fs_path_config android_files[] = {
    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/tcpdump" },
    { 04770, AID_ROOT,      AID_RADIO,     0, "system/bin/pppd-ril" },
-    /* the following file has enhanced capabilities and IS included in user builds. */
+    /* the following files have enhanced capabilities and ARE included in user builds. */
    { 00750, AID_ROOT,      AID_SHELL,     (1 << CAP_SETUID) | (1 << CAP_SETGID), "system/bin/run-as" },
    { 00750, AID_ROOT,      AID_SHELL,     1 << CAP_SYS_BOOT, "system/bin/reboot" },
    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/*" },
    { 00755, AID_ROOT,      AID_ROOT,      0, "system/lib/valgrind/*" },
--- a/reboot/Android.mk
+++ b/reboot/Android.mk
@ -0,0 +1,12 @@
 # Copyright 2013 The Android Open Source Project
 LOCAL_PATH:= $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_SRC_FILES:= reboot.c
 LOCAL_SHARED_LIBRARIES:= libcutils
 LOCAL_MODULE:= reboot
 include $(BUILD_EXECUTABLE)
--- a/toolbox/reboot.c
+++ b/toolbox/reboot.c
@ -1,10 +1,26 @@
 /*
 * Copyright (C) 2013 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <cutils/android_reboot.h>
 #include <unistd.h>
-int reboot_main(int argc, char *argv[])
+int main(int argc, char *argv[])
 {
    int ret;
    int nosync = 0;
@ -16,11 +32,11 @@ int reboot_main(int argc, char *argv[])
        int c;
        c = getopt(argc, argv, "np");
-        
+
        if (c == EOF) {
            break;
        }
-        
+
        switch (c) {
        case 'n':
            nosync = 1;
--- a/toolbox/Android.mk
+++ b/toolbox/Android.mk
@ -16,7 +16,6 @@ TOOLS := \
 	rm \
 	mkdir \
 	rmdir \
 	reboot \
 	getevent \
 	sendevent \
 	date \