simplify clatd permission dropping logic
There's no danger here, because we drop privileges
before we start processing packets.
This should also make clatd fully functional on 4.9-q
kernels that still have the Paranoid Android patchset
(by creating all sockets prior to dropping netd's
uid and capabilities).
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I14cab836907be8bbedc0812cec277808e9f3f91f
diff --git a/main.c b/main.c
index 52e22ac..d452985 100644
--- a/main.c
+++ b/main.c
@@ -123,19 +123,13 @@
plat_prefix ? plat_prefix : "(none)", v4_addr ? v4_addr : "(none)",
v6_addr ? v6_addr : "(none)");
- // run under a regular user but keep needed capabilities
- drop_root_but_keep_caps();
-
// open our raw sockets before dropping privs
open_sockets(&tunnel, mark);
- // keeps only admin capability
- set_capability(1 << CAP_NET_ADMIN);
-
configure_interface(uplink_interface, plat_prefix, v4_addr, v6_addr, &tunnel, mark);
- // Drop all remaining capabilities.
- set_capability(0);
+ // run under a regular user with no capabilities
+ drop_root_and_caps();
// Loop until someone sends us a signal or brings down the tun interface.
if (signal(SIGTERM, stop_loop) == SIG_ERR) {
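Review bot: the single drop_root_and_caps() call placed just before the signal() setup is now the only privilege boundary in this path, and nothing at the call site checks that the drop succeeded. If the function does not itself abort when the uid or capability change fails, the packet loop below would run with the starting uid and its full capability set. Please confirm it exits on any failure, or have it return a status and bail out here. Separately, with drop_root_but_keep_caps() and set_capability(1 << CAP_NET_ADMIN) removed, configure_interface() now runs with full privileges instead of CAP_NET_ADMIN only, while the surviving comment "open our raw sockets before dropping privs" still reads as if it covered only open_sockets(). Suggest extending that comment to cover both calls and to record the assumption from the commit message that no packet data is processed before the drop.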