diff options
author | Nick Kralevich <nnk@google.com> | 2013-06-20 15:11:55 -0700 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2013-06-20 15:11:55 -0700 |
commit | eb648acc30c3b04823c8ee533b12ae56d772ce47 (patch) | |
tree | 516dddf7e866e1ed5157170835aa2cbddc30df19 | |
parent | 7b3ab3345b60a36dac0198591ccf21823feb4449 (diff) | |
parent | 5ff04590386a08712d83c4f8add6d78870fe3bce (diff) | |
download | netd-eb648acc30c3b04823c8ee533b12ae56d772ce47.tar.gz |
am 5ff04590: am 4ea5bd05: Merge "Revert "netd: reduce privileges""
* commit '5ff04590386a08712d83c4f8add6d78870fe3bce':
Revert "netd: reduce privileges"
-rw-r--r-- | main.cpp | 39 |
1 files changed, 0 insertions, 39 deletions
@@ -22,8 +22,6 @@ #include <sys/stat.h> #include <sys/types.h> #include <sys/wait.h> -#include <sys/capability.h> -#include <linux/prctl.h> #include <fcntl.h> #include <dirent.h> @@ -41,42 +39,6 @@ static void coldboot(const char *path); static void sigchld_handler(int sig); static void blockSigpipe(); -static void dropPrivileges() { - struct __user_cap_header_struct header; - struct __user_cap_data_struct cap[2]; - int i; - int result; - - // First drop unneeded capabilities from our bounding set, - // which affects children we exec. - for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) { - if (i == CAP_NET_ADMIN || i == CAP_NET_RAW) { - continue; - } - result = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); - if (result != 0) { - perror("PR_CAPBSET_DROP failed: unable to drop privileges"); - exit(1); - } - } - - // Then drop capabilities from the current process. - memset(&header, 0, sizeof(header)); - memset(cap, 0, sizeof(cap)); - - header.version = _LINUX_CAPABILITY_VERSION_3; - header.pid = 0; - cap[CAP_TO_INDEX(CAP_NET_ADMIN)].effective |= CAP_TO_MASK(CAP_NET_ADMIN); - cap[CAP_TO_INDEX(CAP_NET_ADMIN)].permitted |= CAP_TO_MASK(CAP_NET_ADMIN); - cap[CAP_TO_INDEX(CAP_NET_RAW)].effective |= CAP_TO_MASK(CAP_NET_RAW); - cap[CAP_TO_INDEX(CAP_NET_RAW)].permitted |= CAP_TO_MASK(CAP_NET_RAW); - result = capset(&header, cap); - if (result != 0) { - perror("capset failed: unable to drop privileges"); - exit(1); - } -} - int main() { CommandListener *cl; @@ -85,7 +47,6 @@ int main() { MDnsSdListener *mdnsl; ALOGI("Netd 1.0 starting"); - dropPrivileges(); // signal(SIGCHLD, sigchld_handler); blockSigpipe(); |