diff options
| author | Mark Salyzyn <salyzyn@google.com> | 2016-11-04 14:43:26 +0000 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2016-11-04 14:43:26 +0000 |
| commit | 83a40b0eb28233b9f1728c12b485b8f83c8b4279 (patch) | |
| tree | 65f4a018875c0a6ec3b7123cd8dd541fa178f198 /logd | |
| parent | c65f2ca81faa529ba4b49f54606bb16c036c47d9 (diff) | |
| parent | d8f01807b8a49496256ccd75d49e0fd6be576424 (diff) | |
| download | system_core-83a40b0eb28233b9f1728c12b485b8f83c8b4279.tar.gz system_core-83a40b0eb28233b9f1728c12b485b8f83c8b4279.tar.bz2 system_core-83a40b0eb28233b9f1728c12b485b8f83c8b4279.zip | |
logd: drop capabilities in logd --reinit and logd.daemon
am: d8f01807b8
Change-Id: I17f06463258e95a6cc83242cc8a8d4bb0ccb4907
Diffstat (limited to 'logd')
| -rw-r--r-- | logd/main.cpp | 70 |
1 files changed, 39 insertions, 31 deletions
diff --git a/logd/main.cpp b/logd/main.cpp index 920b1bad2..770aa25c9 100644 --- a/logd/main.cpp +++ b/logd/main.cpp @@ -228,6 +228,11 @@ static void *reinit_thread_start(void * /*obj*/) { set_sched_policy(0, SP_BACKGROUND); setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND); + cap_t caps = cap_init(); + (void)cap_clear(caps); + (void)cap_set_proc(caps); + (void)cap_free(caps); + // If we are AID_ROOT, we should drop to AID_LOGD+AID_SYSTEM, if we are // anything else, we have even lesser privileges and accept our fate. Not // worth checking for error returns setting this thread's privileges. @@ -350,6 +355,39 @@ static void readDmesg(LogAudit *al, LogKlog *kl) { } } +static int issueReinit() { + cap_t caps = cap_init(); + (void)cap_clear(caps); + (void)cap_set_proc(caps); + (void)cap_free(caps); + + int sock = TEMP_FAILURE_RETRY( + socket_local_client("logd", + ANDROID_SOCKET_NAMESPACE_RESERVED, + SOCK_STREAM)); + if (sock < 0) return -errno; + + static const char reinitStr[] = "reinit"; + ssize_t ret = TEMP_FAILURE_RETRY(write(sock, reinitStr, sizeof(reinitStr))); + if (ret < 0) return -errno; + + struct pollfd p; + memset(&p, 0, sizeof(p)); + p.fd = sock; + p.events = POLLIN; + ret = TEMP_FAILURE_RETRY(poll(&p, 1, 1000)); + if (ret < 0) return -errno; + if ((ret == 0) || !(p.revents & POLLIN)) return -ETIME; + + static const char success[] = "success"; + char buffer[sizeof(success) - 1]; + memset(buffer, 0, sizeof(buffer)); + ret = TEMP_FAILURE_RETRY(read(sock, buffer, sizeof(buffer))); + if (ret < 0) return -errno; + + return strncmp(buffer, success, sizeof(success) - 1) != 0; +} + // Foreground waits for exit of the main persistent threads // that are started here. The threads are created to manage // UNIX domain client sockets for writing, reading and @@ -359,37 +397,7 @@ static void readDmesg(LogAudit *al, LogKlog *kl) { int main(int argc, char *argv[]) { // issue reinit command. KISS argument parsing. if ((argc > 1) && argv[1] && !strcmp(argv[1], "--reinit")) { - int sock = TEMP_FAILURE_RETRY( - socket_local_client("logd", - ANDROID_SOCKET_NAMESPACE_RESERVED, - SOCK_STREAM)); - if (sock < 0) { - return -errno; - } - static const char reinit[] = "reinit"; - ssize_t ret = TEMP_FAILURE_RETRY(write(sock, reinit, sizeof(reinit))); - if (ret < 0) { - return -errno; - } - struct pollfd p; - memset(&p, 0, sizeof(p)); - p.fd = sock; - p.events = POLLIN; - ret = TEMP_FAILURE_RETRY(poll(&p, 1, 1000)); - if (ret < 0) { - return -errno; - } - if ((ret == 0) || !(p.revents & POLLIN)) { - return -ETIME; - } - static const char success[] = "success"; - char buffer[sizeof(success) - 1]; - memset(buffer, 0, sizeof(buffer)); - ret = TEMP_FAILURE_RETRY(read(sock, buffer, sizeof(buffer))); - if (ret < 0) { - return -errno; - } - return strncmp(buffer, success, sizeof(success) - 1) != 0; + return issueReinit(); } static const char dev_kmsg[] = "/dev/kmsg"; |