diff options
author | Mark Salyzyn <salyzyn@google.com> | 2016-11-04 14:43:31 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2016-11-04 14:43:31 +0000 |
commit | 3d2c4829a0db5912d5a77623c7c42cf1ff734d62 (patch) | |
tree | ace8673c3a2768e13ef18d4ea08daa32e4a66b34 /logd | |
parent | 83a40b0eb28233b9f1728c12b485b8f83c8b4279 (diff) | |
parent | d2b3291ffa1cd9c2214b4a68d72508461de57e48 (diff) | |
download | core-3d2c4829a0db5912d5a77623c7c42cf1ff734d62.tar.gz core-3d2c4829a0db5912d5a77623c7c42cf1ff734d62.tar.bz2 core-3d2c4829a0db5912d5a77623c7c42cf1ff734d62.zip |
logd: auditd + klogd control CAPS
am: d2b3291ffa
Change-Id: I7d8fd4a7df7ceffd90e8eaab03861ae426cbf35b
Diffstat (limited to 'logd')
-rw-r--r-- | logd/main.cpp | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/logd/main.cpp b/logd/main.cpp index 770aa25c9..99ad08023 100644 --- a/logd/main.cpp +++ b/logd/main.cpp @@ -89,7 +89,7 @@ // logd // -static int drop_privs() { +static int drop_privs(bool klogd, bool auditd) { struct sched_param param; memset(¶m, 0, sizeof(param)); @@ -119,8 +119,8 @@ static int drop_privs() { if (cap_clear(caps.get()) < 0) return -1; cap_value_t cap_value[] = { CAP_SETGID, // must be first for below - CAP_SYSLOG, - CAP_AUDIT_CONTROL + klogd ? CAP_SYSLOG : CAP_SETGID, + auditd ? CAP_AUDIT_CONTROL : CAP_SETGID }; if (cap_set_flag(caps.get(), CAP_PERMITTED, arraysize(cap_value), cap_value, @@ -444,7 +444,10 @@ int main(int argc, char *argv[]) { pthread_attr_destroy(&attr); } - if (drop_privs() != 0) { + bool auditd = __android_logger_property_get_bool("logd.auditd", + BOOL_DEFAULT_TRUE | + BOOL_DEFAULT_FLAG_PERSIST); + if (drop_privs(klogd, auditd) != 0) { return -1; } @@ -499,9 +502,6 @@ int main(int argc, char *argv[]) { // initiated log messages. New log entries are added to LogBuffer // and LogReader is notified to send updates to connected clients. - bool auditd = __android_logger_property_get_bool("logd.auditd", - BOOL_DEFAULT_TRUE | - BOOL_DEFAULT_FLAG_PERSIST); LogAudit *al = NULL; if (auditd) { al = new LogAudit(logBuf, reader, |