ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "init: Read previous state of securebits before modifying" am: c10e14110a am: 19f32317b3

Browse source 
am: 9dabbbaa6a

Change-Id: Id5cdc260c7f6800e493c0f3b4e0da08ddca34b63
This commit is contained in:
Luis Hector Chavez 2017-07-01 00:39:42 +00:00 committed by android-build-merger
commit dd79958ecb
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
init/service.cpp
View file

@ -235,8 +235,15 @@ void Service::KillProcessGroup(int signal) {
void Service::SetProcessAttributes() {
// Keep capabilites on uid change.
if (capabilities_.any() && uid_) {
if (prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS | SECBIT_KEEP_CAPS_LOCKED) != 0) {
PLOG(FATAL) << "prtcl(PR_SET_KEEPCAPS) failed for " << name_;
// If Android is running in a container, some securebits might already
// be locked, so don't change those.
int64_t securebits = prctl(PR_GET_SECUREBITS);
if (securebits == -1) {
PLOG(FATAL) << "prctl(PR_GET_SECUREBITS) failed for " << name_;
}
securebits |= SECBIT_KEEP_CAPS | SECBIT_KEEP_CAPS_LOCKED;
if (prctl(PR_SET_SECUREBITS, securebits) != 0) {
PLOG(FATAL) << "prctl(PR_SET_SECUREBITS) failed for " << name_;
}
}