init: Use ScopedCaps for cap_init() (7bb36023) · Commits · e / os / android_system_core

init/capabilities.cpp

+7 −9

Original line number	Diff line number	Diff line
		@@ -107,17 +107,15 @@ static bool DropBoundingSet(const CapSet& to_keep) {
		}

		static bool SetProcCaps(const CapSet& to_keep, bool add_setpcap) {
		cap_t caps = cap_init();
		auto deleter = [](cap_t* p) { cap_free(*p); };
		std::unique_ptr<cap_t, decltype(deleter)> ptr_caps(&caps, deleter);
		ScopedCaps caps(cap_init());

		cap_clear(caps);
		cap_clear(caps.get());
		cap_value_t value[1];
		for (size_t cap = 0; cap < to_keep.size(); ++cap) {
		if (to_keep.test(cap)) {
		value[0] = cap;
		if (cap_set_flag(caps, CAP_INHERITABLE, arraysize(value), value, CAP_SET) != 0 \|\|
		cap_set_flag(caps, CAP_PERMITTED, arraysize(value), value, CAP_SET) != 0) {
		if (cap_set_flag(caps.get(), CAP_INHERITABLE, arraysize(value), value, CAP_SET) != 0 \|\|
		cap_set_flag(caps.get(), CAP_PERMITTED, arraysize(value), value, CAP_SET) != 0) {
		PLOG(ERROR) << "cap_set_flag(INHERITABLE\|PERMITTED, " << cap << ") failed";
		return false;
		}
		@@ -126,14 +124,14 @@ static bool SetProcCaps(const CapSet& to_keep, bool add_setpcap) {

		if (add_setpcap) {
		value[0] = CAP_SETPCAP;
		if (cap_set_flag(caps, CAP_PERMITTED, arraysize(value), value, CAP_SET) != 0 \|\|
		cap_set_flag(caps, CAP_EFFECTIVE, arraysize(value), value, CAP_SET) != 0) {
		if (cap_set_flag(caps.get(), CAP_PERMITTED, arraysize(value), value, CAP_SET) != 0 \|\|
		cap_set_flag(caps.get(), CAP_EFFECTIVE, arraysize(value), value, CAP_SET) != 0) {
		PLOG(ERROR) << "cap_set_flag(PERMITTED\|EFFECTIVE, " << CAP_SETPCAP << ") failed";
		return false;
		}
		}

		if (cap_set_proc(caps) != 0) {
		if (cap_set_proc(caps.get()) != 0) {
		PLOG(ERROR) << "cap_set_proc(" << to_keep.to_ulong() << ") failed";
		return false;
		}