diff options
author | Johan Redestig <johan.redestig@sonymobile.com> | 2016-11-30 12:55:42 +0100 |
---|---|---|
committer | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-12-19 12:14:29 -0500 |
commit | c39610cd7ad6df55d9097bccf2d99262d83a6643 (patch) | |
tree | f4e2b429ef581a23c1ed3d88475c56b0b4f50b62 /rild | |
parent | 577bce6c9de200a5a6e50aa310b74a40fd268d26 (diff) | |
download | android_hardware_ril-c39610cd7ad6df55d9097bccf2d99262d83a6643.tar.gz android_hardware_ril-c39610cd7ad6df55d9097bccf2d99262d83a6643.tar.bz2 android_hardware_ril-c39610cd7ad6df55d9097bccf2d99262d83a6643.zip |
Use init to set capabilities (re-land)
(This is a re-land now that
https://android-review.googlesource.com/#/c/314804/ has fixed the
underlying bug. The problem was that the 3.10 kernel on angler
didn't support some newer capabilities. This CL fixes a bug reported by
Sony.)
With the minijail code the groups set in the rild.rc are lost when
switching user. The reason for starting as root was to be able to set
capabilities, since that code was written init has gain the ability
to set capabilities at service declaration so use that instead so we
dont even have to start as root.
Before change:
Name: rild
...
Uid: 1001 1001 1001 1001
Gid: 1001 1001 1001 1001
...
Groups:
...
CapInh: 0000001000003000
CapPrm: 0000001000003000
CapEff: 0000001000003000
CapBnd: 0000001000003000
CapAmb: 0000000000000000
...
After change:
Name: rild
...
Uid: 1001 1001 1001 1001
Gid: 1001 1001 1001 1001
...
Groups: 1005 1007 2001 3003 3009 3010 9998
...
CapInh: 0000001000003000
CapPrm: 0000001000003000
CapEff: 0000001000003000
CapBnd: 0000001000003000
CapAmb: 0000001000003000
...
Bug: 33443755
Test: Build/boot/check rild is running on angler and marlin.
Change-Id: I138f6203e55ea2c304e506da3949b5a932b83401
Diffstat (limited to 'rild')
-rw-r--r-- | rild/Android.mk | 1 | ||||
-rw-r--r-- | rild/rild.c | 29 | ||||
-rw-r--r-- | rild/rild.rc | 3 |
3 files changed, 2 insertions, 31 deletions
diff --git a/rild/Android.mk b/rild/Android.mk index 37f1153..152266c 100644 --- a/rild/Android.mk +++ b/rild/Android.mk @@ -10,7 +10,6 @@ LOCAL_SHARED_LIBRARIES := \ libcutils \ libdl \ liblog \ - libminijail \ libril # Temporary hack for broken vendor RILs. diff --git a/rild/rild.c b/rild/rild.c index dec950e..50710d6 100644 --- a/rild/rild.c +++ b/rild/rild.c @@ -33,7 +33,6 @@ #include <sys/prctl.h> #include <sys/stat.h> #include <sys/types.h> -#include <libminijail.h> #include <libril/ril_ex.h> #include <private/android_filesystem_config.h> @@ -41,7 +40,6 @@ #define LIB_PATH_PROPERTY "rild.libpath" #define LIB_ARGS_PROPERTY "rild.libargs" #define MAX_LIB_ARGS 16 -#define MAX_CAP_NUM (CAP_TO_INDEX(CAP_LAST_CAP) + 1) static void usage(const char *argv0) { fprintf(stderr, "Usage: %s -l <ril impl library> [-- <args for impl library>]\n", argv0); @@ -97,31 +95,6 @@ static int make_argv(char * args, char ** argv) { return count; } -/* - * switchUser - Switches UID to radio, preserving CAP_NET_ADMIN capabilities. - * Our group, cache, was set by init. - */ -void switchUser() { - char debuggable[PROP_VALUE_MAX]; - struct minijail *j = minijail_new(); - minijail_change_uid(j, AID_RADIO); - minijail_use_caps(j, CAP_MASK_LONG(CAP_BLOCK_SUSPEND) | - CAP_MASK_LONG(CAP_NET_ADMIN) | - CAP_MASK_LONG(CAP_NET_RAW)); - - minijail_enter(j); - minijail_destroy(j); - - /* - * Debuggable build only: - * Set DUMPABLE that was cleared by setuid() to have tombstone on RIL crash - */ - property_get("ro.debuggable", debuggable, "0"); - if (strcmp(debuggable, "1") == 0) { - prctl(PR_SET_DUMPABLE, 1, 0, 0, 0); - } -} - int main(int argc, char **argv) { const char *rilLibPath = NULL; char **rilArgv; @@ -177,8 +150,6 @@ int main(int argc, char **argv) { } } - switchUser(); - dlHandle = dlopen(rilLibPath, RTLD_NOW); if (dlHandle == NULL) { diff --git a/rild/rild.rc b/rild/rild.rc index 35b424f..a9ffe11 100644 --- a/rild/rild.rc +++ b/rild/rild.rc @@ -3,5 +3,6 @@ service ril-daemon /system/bin/rild socket rild stream 660 root radio socket sap_uim_socket1 stream 660 bluetooth bluetooth socket rild-debug stream 660 radio system - user root + user radio group radio cache inet misc audio log readproc wakelock + capabilities BLOCK_SUSPEND NET_ADMIN NET_RAW |