authorNikita Ioffe <ioffe@google.com>2024-04-19 17:23:47 +0000
committerNikita Ioffe <ioffe@google.com>2024-04-19 17:23:47 +0000
commit8b9705698014252b6d42b9c2d469fe92f6ffc56e (patch)
tree6dd1736cfb03e74f67fb06b5ac22b48a0d1039b2
parent89a9afc2129dbcea69389971c70a157e35e22b37 (diff)
downloadadb-8b9705698014252b6d42b9c2d469fe92f6ffc56e.tar.gz
Improve comment around CAP_SYS_NICE capability
Also fix the error message for the cap_clear_flag(caps.get(), CAP_EFFECTIVE) call. Bug: 334980629 Test: presubmit Test: m Change-Id: Idf311f49f2a14d315edad138bf6b5f3f1026819c
-rw-r--r--daemon/main.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/daemon/main.cpp b/daemon/main.cpp
index c6e6d749..77e535af 100644
--- a/daemon/main.cpp
+++ b/daemon/main.cpp
@@ -129,7 +129,9 @@ static void drop_privileges(int server_port) {
// adbd (CapBnd: CAP_SYS_NICE) -> /system/bin/sh (CapBnd: CAP_SYS_NICE) ->
// /apex/com.android.virt/bin/vm (CapBnd: CAP_SYS_NICE) ->
// virtmngr (CapBnd: CAP_SYS_NICE) -> crosvm (CapEff: CAP_SYS_NICE).
- // Note: the adbd or sh (spawned from adb shell) won't actually have the CAP_SYS_NICE.
+ // Note: the adbd will drop it's effective capabilities several lines below, while the
+ // /system/bin/sh process spawned from adbd will run as non-root uid, hence won't be
+ // able to use the CAP_SYS_NICE capability in the first place.
minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID) |
CAP_TO_MASK(CAP_SYS_NICE));
}
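Review bot: The added note writes "it's" where the possessive "its" is meant, and it locates the drop with "several lines below", which goes stale as soon as code is inserted between the two places. Naming the call keeps the reference stable, e.g. `// Note: adbd clears its own effective set later in this function (cap_clear_flag(caps.get(), CAP_EFFECTIVE)), while the`, with the two following comment lines unchanged. This comment is the only visible justification for leaving CAP_SYS_NICE in the mask passed to minijail_use_caps, so it is worth stating that the capability is presumably retained only so the bounding set allows a later process in the chain to obtain it. How crosvm ends up with it in CapEff is not shown in this hunk. drop_privileges starts and ends outside the hunk.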
@@ -150,7 +152,7 @@ static void drop_privileges(int server_port) {
PLOG(FATAL) << "cap_clear_flag(INHERITABLE) failed";
}
if (cap_clear_flag(caps.get(), CAP_EFFECTIVE) == -1) {
- PLOG(FATAL) << "cap_clear_flag(PEMITTED) failed";
+ PLOG(FATAL) << "cap_clear_flag(EFFECTIVE) failed";
}
if (cap_clear_flag(caps.get(), CAP_PERMITTED) == -1) {
PLOG(FATAL) << "cap_clear_flag(PEMITTED) failed";
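Review bot: The last context line of this hunk still logs `cap_clear_flag(PEMITTED) failed` for the CAP_PERMITTED branch, so the misspelling fixed on the CAP_EFFECTIVE branch survives one branch lower. In a FATAL log from the privilege-drop path this string is what tells which capability set failed to clear, so it should read `PLOG(FATAL) << "cap_clear_flag(PERMITTED) failed";`. The closing brace of that `if` and the rest of drop_privileges are outside the hunk.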