Only listen on the given interfaces.

Stop being a public dns forwarder on our external interfaces.

bug:7530468
Change-Id: Ic94cd66e66371de4fcc54f53b9f267f6611804b8

1 files changed, 13 insertions, 2 deletions

diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index f6b371a..2f0fbb6 100755
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -390,6 +390,9 @@ int main (int argc, char **argv)
 	  /* On linux, we keep CAP_NETADMIN (for ARP-injection) and
 	     CAP_NET_RAW (for icmp) if we're doing dhcp */
 	  data->effective = data->permitted = data->inheritable =
+#ifdef __ANDROID__
+	    (1 << CAP_NET_BIND_SERVICE) |
+#endif
 	    (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) | (1 << CAP_SETUID);
 	  
 	  /* Tell kernel to not clear capabilities when dropping root */
@@ -433,6 +436,9 @@ int main (int argc, char **argv)
 
 #ifdef HAVE_LINUX_NETWORK
 	  data->effective = data->permitted = 
+#ifdef __ANDROID__
+	    (1 << CAP_NET_BIND_SERVICE) |
+#endif
 	    (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW);
 	  data->inheritable = 0;
 	  
@@ -1010,6 +1016,13 @@ static int check_android_listeners(fd_set *set) {
                     my_syslog(LOG_ERR, _("Malformatted msg '%s'"), current_cmd);
                     retcode = -1;
                 }
+            } else if (!strcmp(cmd, "update_ifaces")) {
+                if (params != NULL) {
+                    set_interfaces(params);
+                } else {
+                    my_syslog(LOG_ERR, _("Malformatted msg '%s'"), current_cmd);
+                    retcode = -1;
+                }
             } else {
                  my_syslog(LOG_ERR, _("Unknown cmd '%s'"), cmd);
                  retcode = -1;
@@ -1344,5 +1357,3 @@ int icmp_ping(struct in_addr addr)
   return gotreply;
 }
 #endif
-
-