Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a0e51bbb authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Simplify POSIX capabilities to bitmask" into main am: ac0caa64 am: 6f4454b2 

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/3250421



Change-Id: I3bd82d2d0a2c902309b66a18c064c627589e324d
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 601a5716 6f4454b2

core/java/com/android/internal/os/ZygoteInit.java

+14 −29
Original line number Diff line number Diff line
@@ -631,21 +631,20 @@ public class ZygoteInit { 
     */

    private static Runnable forkSystemServer(String abiList, String socketName,

            ZygoteServer zygoteServer) {

        long capabilities = posixCapabilitiesAsBits(

                OsConstants.CAP_IPC_LOCK,

                OsConstants.CAP_KILL,

                OsConstants.CAP_NET_ADMIN,

                OsConstants.CAP_NET_BIND_SERVICE,

                OsConstants.CAP_NET_BROADCAST,

                OsConstants.CAP_NET_RAW,

                OsConstants.CAP_SYS_MODULE,

                OsConstants.CAP_SYS_NICE,

                OsConstants.CAP_SYS_PTRACE,

                OsConstants.CAP_SYS_TIME,

                OsConstants.CAP_SYS_TTY_CONFIG,

                OsConstants.CAP_WAKE_ALARM,

                OsConstants.CAP_BLOCK_SUSPEND

        );

        long capabilities =

                (1L << OsConstants.CAP_IPC_LOCK) |

                (1L << OsConstants.CAP_KILL) |

                (1L << OsConstants.CAP_NET_ADMIN) |

                (1L << OsConstants.CAP_NET_BIND_SERVICE) |

                (1L << OsConstants.CAP_NET_BROADCAST) |

                (1L << OsConstants.CAP_NET_RAW) |

                (1L << OsConstants.CAP_SYS_MODULE) |

                (1L << OsConstants.CAP_SYS_NICE) |

                (1L << OsConstants.CAP_SYS_PTRACE) |

                (1L << OsConstants.CAP_SYS_TIME) |

                (1L << OsConstants.CAP_SYS_TTY_CONFIG) |

                (1L << OsConstants.CAP_WAKE_ALARM) |

                (1L << OsConstants.CAP_BLOCK_SUSPEND);

        /* Containers run without some capabilities, so drop any caps that are not available. */

        StructCapUserHeader header = new StructCapUserHeader(

                OsConstants._LINUX_CAPABILITY_VERSION_3, 0);
@@ -741,20 +740,6 @@ public class ZygoteInit { 
        return null;

    }



    /**

     * Gets the bit array representation of the provided list of POSIX capabilities.

     */

    private static long posixCapabilitiesAsBits(int... capabilities) {

        long result = 0;

        for (int capability : capabilities) {

            if ((capability < 0) || (capability > OsConstants.CAP_LAST_CAP)) {

                throw new IllegalArgumentException(String.valueOf(capability));

            }

            result |= (1L << capability);

        }

        return result;

    }



    /**

     * This is the entry point for a Zygote process.  It creates the Zygote server, loads resources,

     * and handles other tasks related to preparing the process for forking into applications.