diff options
author | Treehugger Robot <treehugger-gerrit@google.com> | 2022-01-19 13:54:58 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-01-19 13:54:58 +0000 |
commit | 91965860d625fa8e9b85163acf1b2ad0a26372f8 (patch) | |
tree | fd22a9825617b480dfd7ce287494dfc444fd40d7 | |
parent | edc57e339fca900aeb9d58ac22ead3878b7a07cd (diff) | |
parent | dbad0785ecc54aa84703337135cd4b7e7b60ee64 (diff) | |
download | android-clat-91965860d625fa8e9b85163acf1b2ad0a26372f8.tar.gz |
Merge "[RFCLAT#16] remove drop_root_and_caps" am: 95cbf3217f am: 35e51c45a4 am: dbad0785ec
Original change: https://android-review.googlesource.com/c/platform/external/android-clat/+/1949737
Change-Id: Ib896a1f0b7d05ef49ff7126ea3b6a00fa25e5954
-rw-r--r-- | Android.bp | 4 | ||||
-rw-r--r-- | clatd.c | 44 | ||||
-rw-r--r-- | clatd.h | 2 | ||||
-rw-r--r-- | main.c | 3 |
4 files changed, 0 insertions, 53 deletions
@@ -53,10 +53,6 @@ filegroup { cc_binary { name: "clatd", defaults: ["clatd_defaults"], - // TODO: remove once drop_root_and_caps() is removed. - header_libs: [ - "libcutils_headers", // for AID_CLAT - ], srcs: [ ":clatd_common", "main.c" @@ -39,8 +39,6 @@ #include <sys/capability.h> #include <sys/uio.h> -#include <private/android_filesystem_config.h> // For AID_CLAT. - #include "clatd.h" #include "config.h" #include "dump.h" @@ -55,48 +53,6 @@ struct clat_config Global_Clatd_Config; volatile sig_atomic_t running = 1; -/* function: set_capability - * set the permitted, effective and inheritable capabilities of the current - * thread - */ -void set_capability(uint64_t target_cap) { - struct __user_cap_header_struct header = { - .version = _LINUX_CAPABILITY_VERSION_3, - .pid = 0 // 0 = change myself - }; - struct __user_cap_data_struct cap[_LINUX_CAPABILITY_U32S_3] = {}; - - cap[0].permitted = cap[0].effective = cap[0].inheritable = target_cap; - cap[1].permitted = cap[1].effective = cap[1].inheritable = target_cap >> 32; - - if (capset(&header, cap) < 0) { - logmsg(ANDROID_LOG_FATAL, "capset failed: %s", strerror(errno)); - exit(1); - } -} - -/* function: drop_root_and_caps - * drops root privs and all capabilities - */ -void drop_root_and_caps() { - // see man setgroups: this drops all supplementary groups - if (setgroups(0, NULL) < 0) { - logmsg(ANDROID_LOG_FATAL, "setgroups failed: %s", strerror(errno)); - exit(1); - } - - if (setresgid(AID_CLAT, AID_CLAT, AID_CLAT) < 0) { - logmsg(ANDROID_LOG_FATAL, "setresgid failed: %s", strerror(errno)); - exit(1); - } - if (setresuid(AID_CLAT, AID_CLAT, AID_CLAT) < 0) { - logmsg(ANDROID_LOG_FATAL, "setresuid failed: %s", strerror(errno)); - exit(1); - } - - set_capability(0); -} - int ipv6_address_changed(const char *interface) { union anyip *interface_ip; @@ -38,8 +38,6 @@ struct tun_data; extern volatile sig_atomic_t running; -void set_capability(uint64_t target_cap); -void drop_root_and_caps(); int ipv6_address_changed(const char *interface); void event_loop(struct tun_data *tunnel); @@ -152,9 +152,6 @@ int main(int argc, char **argv) { uplink_interface, plat_prefix ? plat_prefix : "(none)", v4_addr ? v4_addr : "(none)", v6_addr ? v6_addr : "(none)"); - // run under a regular user with no capabilities - drop_root_and_caps(); - // Loop until someone sends us a signal or brings down the tun interface. if (signal(SIGTERM, stop_loop) == SIG_ERR) { logmsg(ANDROID_LOG_FATAL, "sigterm handler failed: %s", strerror(errno)); |