author | Robert Greenwalt <rgreenwalt@google.com> | 2016-12-14 21:42:45 +0000 |
---|---|---|
committer | Robert Greenwalt <rgreenwalt@google.com> | 2016-12-14 21:42:45 +0000 |
commit | 577bce6c9de200a5a6e50aa310b74a40fd268d26 (patch) | |
tree | 7927bc9ed568daea00b5125d613fd2d391bcac7f /rild | |
parent | aafb4e2754ad2a15fedb0efe0faf97d8c259380b (diff) | |
Revert "Use init to set capabilities"
This reverts commit aafb4e2754ad2a15fedb0efe0faf97d8c259380b.
Change-Id: I7df22f57d99b7e0bf4f6ed6f8bb53f4f1af521d5
Diffstat (limited to 'rild')
-rw-r--r-- | rild/Android.mk | 1 | ||||
-rw-r--r-- | rild/rild.c | 29 | ||||
-rw-r--r-- | rild/rild.rc | 3 |
3 files changed, 31 insertions, 2 deletions
diff --git a/rild/Android.mk b/rild/Android.mk index 152266c..37f1153 100644 --- a/rild/Android.mk +++ b/rild/Android.mk @@ -10,6 +10,7 @@ LOCAL_SHARED_LIBRARIES := \ libcutils \ libdl \ liblog \ + libminijail \ libril # Temporary hack for broken vendor RILs. diff --git a/rild/rild.c b/rild/rild.c index 50710d6..dec950e 100644 --- a/rild/rild.c +++ b/rild/rild.c @@ -33,6 +33,7 @@ #include <sys/prctl.h> #include <sys/stat.h> #include <sys/types.h> +#include <libminijail.h> #include <libril/ril_ex.h> #include <private/android_filesystem_config.h> @@ -40,6 +41,7 @@ #define LIB_PATH_PROPERTY "rild.libpath" #define LIB_ARGS_PROPERTY "rild.libargs" #define MAX_LIB_ARGS 16 +#define MAX_CAP_NUM (CAP_TO_INDEX(CAP_LAST_CAP) + 1) static void usage(const char *argv0) { fprintf(stderr, "Usage: %s -l <ril impl library> [-- <args for impl library>]\n", argv0); @@ -95,6 +97,31 @@ static int make_argv(char * args, char ** argv) { return count; } +/* + * switchUser - Switches UID to radio, preserving CAP_NET_ADMIN capabilities. + * Our group, cache, was set by init. + */ +void switchUser() { + char debuggable[PROP_VALUE_MAX]; + struct minijail *j = minijail_new(); + minijail_change_uid(j, AID_RADIO); + minijail_use_caps(j, CAP_MASK_LONG(CAP_BLOCK_SUSPEND) | + CAP_MASK_LONG(CAP_NET_ADMIN) | + CAP_MASK_LONG(CAP_NET_RAW)); + + minijail_enter(j); + minijail_destroy(j); + + /* + * Debuggable build only: + * Set DUMPABLE that was cleared by setuid() to have tombstone on RIL crash + */ + property_get("ro.debuggable", debuggable, "0"); + if (strcmp(debuggable, "1") == 0) { + prctl(PR_SET_DUMPABLE, 1, 0, 0, 0); + } +} + int main(int argc, char **argv) { const char *rilLibPath = NULL; char **rilArgv; @@ -150,6 +177,8 @@ int main(int argc, char **argv) { } } + switchUser(); + dlHandle = dlopen(rilLibPath, RTLD_NOW); if (dlHandle == NULL) { diff --git a/rild/rild.rc b/rild/rild.rc index a9ffe11..35b424f 100644 --- a/rild/rild.rc +++ b/rild/rild.rc 
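Review bot: `MAX_CAP_NUM` is defined in the `@@ -40,6 +41,7 @@` hunk, but none of the 29 lines this commit adds to rild.c refer to it. switchUser() builds its capability set with `CAP_MASK_LONG(...)` and never sizes anything by capability count. Unless something outside the visible hunks uses the macro, drop the `#define` so the file does not imply a hand-rolled capability array still exists.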
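Review bot: In switchUser() the result of `minijail_new()` goes straight into `minijail_change_uid()` with no NULL check, so an allocation failure in the routine that drops root would surface as a crash inside the library (presumably a NULL dereference) rather than a deliberate exit. Add `if (j == NULL) { fprintf(stderr, "rild: minijail_new failed\n"); exit(EXIT_FAILURE); }` right after the allocation, so the daemon visibly refuses to continue as root. The header comment names only CAP_NET_ADMIN while the mask keeps three capabilities; reword it to `switchUser - Switches UID to radio, keeping only CAP_BLOCK_SUSPEND, CAP_NET_ADMIN and CAP_NET_RAW.` The visible hunks call the function only from main(), so `static void switchUser(void)` would be the tighter declaration.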
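Review bot: The `switchUser();` call added in main() sits directly above `dlopen(rilLibPath, RTLD_NOW)`, and nothing records that this order is a security requirement. The library's constructors run inside dlopen(), so a later edit that moves the load earlier would execute vendor code as root with a full capability set. Add a comment on the call such as `/* Must precede dlopen(): the vendor RIL is loaded only after dropping to AID_RADIO with the reduced capability set. */`. main() begins and ends outside this hunk, so whatever runs above this point (argument and property handling, from the visible context) still executes as root and is worth keeping minimal.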
@@ -3,6 +3,5 @@ service ril-daemon /system/bin/rild socket rild stream 660 root radio socket sap_uim_socket1 stream 660 bluetooth bluetooth socket rild-debug stream 660 radio system - user radio + user root group radio cache inet misc audio log readproc wakelock - capabilities BLOCK_SUSPEND NET_ADMIN NET_RAW |
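Review bot: With `user root` restored and the `capabilities` line removed, init no longer bounds this service, and the rc file gives no hint that the privilege drop now happens inside the binary. Add a comment above the `user` line, for example `# rild starts as root and drops to radio in switchUser() (rild.c); the kept capabilities are listed there.` That way a reader auditing rc files does not take this for a permanently root daemon, and anyone changing the capability set knows rild.c is the place to edit. It would also help to record why the init-based version was reverted, so the in-process drop is not kept longer than necessary.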