summaryrefslogtreecommitdiffstats
path: root/logd
diff options
context:
space:
mode:
authorMark Salyzyn <salyzyn@google.com>2016-11-04 14:43:31 +0000
committerandroid-build-merger <android-build-merger@google.com>2016-11-04 14:43:31 +0000
commit3d2c4829a0db5912d5a77623c7c42cf1ff734d62 (patch)
treeace8673c3a2768e13ef18d4ea08daa32e4a66b34 /logd
parent83a40b0eb28233b9f1728c12b485b8f83c8b4279 (diff)
parentd2b3291ffa1cd9c2214b4a68d72508461de57e48 (diff)
downloadcore-3d2c4829a0db5912d5a77623c7c42cf1ff734d62.tar.gz
core-3d2c4829a0db5912d5a77623c7c42cf1ff734d62.tar.bz2
core-3d2c4829a0db5912d5a77623c7c42cf1ff734d62.zip
logd: auditd + klogd control CAPS
am: d2b3291ffa Change-Id: I7d8fd4a7df7ceffd90e8eaab03861ae426cbf35b
Diffstat (limited to 'logd')
-rw-r--r--logd/main.cpp14
1 files changed, 7 insertions, 7 deletions
diff --git a/logd/main.cpp b/logd/main.cpp
index 770aa25c9..99ad08023 100644
--- a/logd/main.cpp
+++ b/logd/main.cpp
@@ -89,7 +89,7 @@
// logd
//
-static int drop_privs() {
+static int drop_privs(bool klogd, bool auditd) {
struct sched_param param;
memset(&param, 0, sizeof(param));
@@ -119,8 +119,8 @@ static int drop_privs() {
if (cap_clear(caps.get()) < 0) return -1;
cap_value_t cap_value[] = {
CAP_SETGID, // must be first for below
- CAP_SYSLOG,
- CAP_AUDIT_CONTROL
+ klogd ? CAP_SYSLOG : CAP_SETGID,
+ auditd ? CAP_AUDIT_CONTROL : CAP_SETGID
};
if (cap_set_flag(caps.get(), CAP_PERMITTED,
arraysize(cap_value), cap_value,
@@ -444,7 +444,10 @@ int main(int argc, char *argv[]) {
pthread_attr_destroy(&attr);
}
- if (drop_privs() != 0) {
+ bool auditd = __android_logger_property_get_bool("logd.auditd",
+ BOOL_DEFAULT_TRUE |
+ BOOL_DEFAULT_FLAG_PERSIST);
+ if (drop_privs(klogd, auditd) != 0) {
return -1;
}
@@ -499,9 +502,6 @@ int main(int argc, char *argv[]) {
// initiated log messages. New log entries are added to LogBuffer
// and LogReader is notified to send updates to connected clients.
- bool auditd = __android_logger_property_get_bool("logd.auditd",
- BOOL_DEFAULT_TRUE |
- BOOL_DEFAULT_FLAG_PERSIST);
LogAudit *al = NULL;
if (auditd) {
al = new LogAudit(logBuf, reader,