diff options
| author | Nick Kralevich <nnk@google.com> | 2013-06-20 15:07:04 -0700 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2013-06-20 15:07:04 -0700 |
| commit | 5ff04590386a08712d83c4f8add6d78870fe3bce (patch) | |
| tree | 9d8fb5ad165f2ed42c6853829631ab39d214a84e | |
| parent | 4dbd276e59f4d04028effd8510bb3a1e5cb31823 (diff) | |
| parent | 4ea5bd0540bf3b4b6767815b5c9e41a7146f749c (diff) | |
| download | netd-5ff04590386a08712d83c4f8add6d78870fe3bce.tar.gz | |
am 4ea5bd05: Merge "Revert "netd: reduce privileges""
* commit '4ea5bd0540bf3b4b6767815b5c9e41a7146f749c':
Revert "netd: reduce privileges"
| -rw-r--r-- | main.cpp | 39 |
1 files changed, 0 insertions, 39 deletions
@@ -22,8 +22,6 @@ #include <sys/stat.h> #include <sys/types.h> #include <sys/wait.h> -#include <sys/capability.h> -#include <linux/prctl.h> #include <fcntl.h> #include <dirent.h> @@ -41,42 +39,6 @@ static void coldboot(const char *path); static void sigchld_handler(int sig); static void blockSigpipe(); -static void dropPrivileges() { - struct __user_cap_header_struct header; - struct __user_cap_data_struct cap[2]; - int i; - int result; - - // First drop unneeded capabilities from our bounding set, - // which affects children we exec. - for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) { - if (i == CAP_NET_ADMIN || i == CAP_NET_RAW) { - continue; - } - result = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); - if (result != 0) { - perror("PR_CAPBSET_DROP failed: unable to drop privileges"); - exit(1); - } - } - - // Then drop capabilities from the current process. - memset(&header, 0, sizeof(header)); - memset(cap, 0, sizeof(cap)); - - header.version = _LINUX_CAPABILITY_VERSION_3; - header.pid = 0; - cap[CAP_TO_INDEX(CAP_NET_ADMIN)].effective |= CAP_TO_MASK(CAP_NET_ADMIN); - cap[CAP_TO_INDEX(CAP_NET_ADMIN)].permitted |= CAP_TO_MASK(CAP_NET_ADMIN); - cap[CAP_TO_INDEX(CAP_NET_RAW)].effective |= CAP_TO_MASK(CAP_NET_RAW); - cap[CAP_TO_INDEX(CAP_NET_RAW)].permitted |= CAP_TO_MASK(CAP_NET_RAW); - result = capset(&header, cap); - if (result != 0) { - perror("capset failed: unable to drop privileges"); - exit(1); - } -} - int main() { CommandListener *cl; @@ -85,7 +47,6 @@ int main() { MDnsSdListener *mdnsl; ALOGI("Netd 1.0 starting"); - dropPrivileges(); // signal(SIGCHLD, sigchld_handler); blockSigpipe(); |