From d2b3291ffa1cd9c2214b4a68d72508461de57e48 Mon Sep 17 00:00:00 2001
From: Mark Salyzyn
Date: Fri, 28 Oct 2016 15:11:46 -0700
Subject: logd: auditd + klogd control CAPS
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-testsa
Bug: 32450474
Change-Id: Icdaf9e352e86c9e140928509201da743004aeedb
---
 logd/main.cpp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'logd')
diff --git a/logd/main.cpp b/logd/main.cpp
index 770aa25c9..99ad08023 100644
--- a/logd/main.cpp
+++ b/logd/main.cpp
@@ -89,7 +89,7 @@
 // logd
 //
-static int drop_privs() {
+static int drop_privs(bool klogd, bool auditd) {
 struct sched_param param;
 memset(¶m, 0, sizeof(param));
@@ -119,8 +119,8 @@ static int drop_privs() {
 if (cap_clear(caps.get()) < 0) return -1;
 cap_value_t cap_value[] = {
 CAP_SETGID, // must be first for below
- CAP_SYSLOG,
- CAP_AUDIT_CONTROL
+ klogd ? CAP_SYSLOG : CAP_SETGID,
+ auditd ? CAP_AUDIT_CONTROL : CAP_SETGID
 };
 if (cap_set_flag(caps.get(), CAP_PERMITTED, arraysize(cap_value), cap_value,
@@ -444,7 +444,10 @@ int main(int argc, char *argv[]) {
 pthread_attr_destroy(&attr);
 }
- if (drop_privs() != 0) {
+ bool auditd = __android_logger_property_get_bool("logd.auditd",
+ BOOL_DEFAULT_TRUE |
+ BOOL_DEFAULT_FLAG_PERSIST);
+ if (drop_privs(klogd, auditd) != 0) {
 return -1;
 }
@@ -499,9 +502,6 @@ int main(int argc, char *argv[]) {
 // initiated log messages. New log entries are added to LogBuffer
 // and LogReader is notified to send updates to connected clients.
- bool auditd = __android_logger_property_get_bool("logd.auditd",
- BOOL_DEFAULT_TRUE |
- BOOL_DEFAULT_FLAG_PERSIST);
 LogAudit *al = NULL;
 if (auditd) {
 al = new LogAudit(logBuf, reader,
--
cgit v1.2.3
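Review bot: The new signature `drop_privs(bool klogd, bool auditd)` takes two adjacent `bool` parameters and has no comment saying what each one controls. A call with the arguments swapped would compile and quietly retain the wrong capability. I would add a comment above the definition such as `// klogd: keep CAP_SYSLOG; auditd: keep CAP_AUDIT_CONTROL; anything not requested is dropped`. The body of drop_privs continues past the end of this hunk.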
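Review bot: In the `cap_value[]` initializer the disabled cases fall back to `CAP_SETGID`, which repeats the first entry, and nothing on the new lines says the repeat is deliberate. Setting the same capability flag twice is harmless and keeps the array length fixed for `arraysize(cap_value)`, but it reads like a copy-paste slip. I would add `// CAP_SETGID is repeated as a harmless filler when klogd/auditd is off` above the two conditional entries. The code that the "must be first for below" comment refers to is outside the hunk, so it is worth confirming that it only relies on element 0.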
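Review bot: The `logd.auditd` property read that now sits directly before `drop_privs(klogd, auditd)` in main decides whether `CAP_AUDIT_CONTROL` is retained, but no comment records that ordering constraint. The value defaults to true and is evaluated once at startup, so a later property change presumably has no effect on the retained set. I would add `// read before drop_privs(): these flags select which capabilities are retained`, so the read is not moved back below the call in a later cleanup. It is also worth confirming who is allowed to set this property, since it is now an input to the privilege decision. `klogd` is declared outside this hunk and main continues on both sides of it.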