merge in jb-mr2-release history after reset to master
diff --git a/adb/adb.c b/adb/adb.c
index 32aff2c..949e5ea 100644
--- a/adb/adb.c
+++ b/adb/adb.c
@@ -1184,6 +1184,33 @@
}
#if !ADB_HOST
+
+static void drop_capabilities_bounding_set_if_needed() {
+#ifdef ALLOW_ADBD_ROOT
+ char value[PROPERTY_VALUE_MAX];
+ property_get("ro.debuggable", value, "");
+ if (strcmp(value, "1") == 0) {
+ return;
+ }
+#endif
+ int i;
+ for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
+ if ((i == CAP_NET_RAW) || (i == CAP_SETUID) || (i == CAP_SETGID)) {
+ // CAP_NET_RAW needed by /system/bin/ping
+ // CAP_SETUID CAP_SETGID needed by /system/bin/run-as
+ continue;
+ }
+ int err = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
+
+ // Some kernels don't have file capabilities compiled in, and
+ // prctl(PR_CAPBSET_DROP) returns EINVAL. Don't automatically
+ // die when we see such misconfigured kernels.
+ if ((err < 0) && (errno != EINVAL)) {
+ exit(1);
+ }
+ }
+}
+
static int should_drop_privileges() {
#ifndef ALLOW_ADBD_ROOT
return 1;
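Review bot: The `(err < 0) && (errno != EINVAL)` test in the drop loop fails open without a trace. On a kernel where PR_CAPBSET_DROP returns EINVAL, every capability is left in the bounding set and nothing records that the hardening was skipped; the `exit(1)` branch is equally silent. I would log both cases with the capability index and `strerror(errno)`, once on the first EINVAL and once before exiting, so a device that keeps the full bounding set or loses adbd here can be diagnosed. The `ro.debuggable` early return also needs a comment saying why debuggable builds keep the whole bounding set, since it does not consult should_drop_privileges() and so presumably applies even when adbd goes on to drop to an unprivileged uid. As a smaller point, the definition should be `static void drop_capabilities_bounding_set_if_needed(void)`, because empty parentheses in C declare an unspecified parameter list.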
@@ -1278,6 +1305,8 @@
exit(1);
}
+ drop_capabilities_bounding_set_if_needed();
+
/* add extra groups:
** AID_ADB to access the USB driver
** AID_LOG to read system logs (adb logcat)
diff --git a/logwrapper/logwrap.c b/logwrapper/logwrap.c
index a756eb3..d9247ec 100644
--- a/logwrapper/logwrap.c
+++ b/logwrapper/logwrap.c
@@ -32,7 +32,7 @@
#include "private/android_filesystem_config.h"
#include "cutils/log.h"
-#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
static int signal_fd_write;
@@ -144,31 +144,34 @@
}
}
- // Flush remaining data
- if (a != b) {
- buffer[b] = '\0';
- if (logwrap)
- ALOG(LOG_INFO, btag, "%s", &buffer[a]);
+ if (chld_sts != NULL) {
+ *chld_sts = status;
+ } else {
+ if (WIFEXITED(status))
+ rc = WEXITSTATUS(status);
+ else
+ rc = -ECHILD;
}
- if (WIFEXITED(status)) {
+ if (logwrap) {
+ // Flush remaining data
+ if (a != b) {
+ buffer[b] = '\0';
+ ALOG(LOG_INFO, btag, "%s", &buffer[a]);
+ }
+ if (WIFEXITED(status)) {
if (WEXITSTATUS(status))
- ALOG(LOG_INFO, "logwrapper", "%s terminated by exit(%d)", btag,
- WEXITSTATUS(status));
- if (chld_sts == NULL)
- rc = WEXITSTATUS(status);
- } else {
- if (chld_sts == NULL)
- rc = -ECHILD;
+ ALOG(LOG_INFO, "logwrapper", "%s terminated by exit(%d)", btag,
+ WEXITSTATUS(status));
+ } else {
if (WIFSIGNALED(status))
- ALOG(LOG_INFO, "logwrapper", "%s terminated by signal %d", btag,
- WTERMSIG(status));
+ ALOG(LOG_INFO, "logwrapper", "%s terminated by signal %d", btag,
+ WTERMSIG(status));
else if (WIFSTOPPED(status))
- ALOG(LOG_INFO, "logwrapper", "%s stopped by signal %d", btag,
- WSTOPSIG(status));
+ ALOG(LOG_INFO, "logwrapper", "%s stopped by signal %d", btag,
+ WSTOPSIG(status));
+ }
}
- if (chld_sts != NULL)
- *chld_sts = status;
err_poll:
return rc;
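Review bot: The new `if (chld_sts != NULL)` block changes what callers can rely on, and nothing at that spot documents it. When `chld_sts` is supplied, `rc` is not derived from the wait status at all, and the exit and signal messages are now written only when `logwrap` is set, where the removed lines logged them unconditionally. I would add a comment above the block such as `/* With chld_sts set, the raw wait status is handed back through it and rc is left as is; callers must decode *chld_sts. Termination is logged only when logwrap is set. */`. Bracing the single-statement `if`/`else` bodies in the nested `WIFEXITED`/`WIFSIGNALED` chain would also protect it from a dangling-else mistake on the next edit. The function begins outside this hunk, so the bound on `b` before `buffer[b] = '\0'` cannot be checked from here.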
diff --git a/run-as/package.c b/run-as/package.c
index 143d647..683dae6 100644
--- a/run-as/package.c
+++ b/run-as/package.c
@@ -76,13 +76,30 @@
struct stat st;
size_t length = 0;
void* address = NULL;
+ gid_t oldegid;
*filesize = 0;
+ /*
+ * Temporarily switch effective GID to allow us to read
+ * the packages file
+ */
+
+ oldegid = getegid();
+ if (setegid(AID_SYSTEM) < 0) {
+ return NULL;
+ }
+
/* open the file for reading */
fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
- if (fd < 0)
+ if (fd < 0) {
return NULL;
+ }
+
+ /* restore back to our old egid */
+ if (setegid(oldegid) < 0) {
+ goto EXIT;
+ }
/* get its size */
ret = TEMP_FAILURE_RETRY(fstat(fd, &st));
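Review bot: The `return NULL` after a failed open() leaves the process with effective GID AID_SYSTEM, because `setegid(oldegid)` is only reached once the open has succeeded. The elevated group should be given up on every path, so the restore belongs directly after the open() call and before the `fd < 0` test. errno from open() should be saved across the restore in case callers read it. The function starts and ends outside this hunk, including the EXIT label, which I assume closes `fd`.

```c
    int open_errno;   /* new local, declared with the others */

    // … unchanged: oldegid = getegid(); setegid(AID_SYSTEM) check …

    fd = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
    open_errno = errno;   /* setegid() below may overwrite errno */

    /* restore our old egid on every path, including a failed open */
    if (setegid(oldegid) < 0) {
        if (fd >= 0) {
            goto EXIT;
        }
        return NULL;
    }
    if (fd < 0) {
        errno = open_errno;
        return NULL;
    }
```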