
Commit 9f75a035 authored by Nick Kralevich

adbd: make a PR_CAPBSET_DROP error fatal.

Back in 080427e4, we said:

  If the kernel doesn't support file capabilities, we ignore
  a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could
  become a fatal error.

Make it a fatal error. With SELinux support, all devices are
required to support file capabilities.

Change-Id: I0ce0c4cb9387c42e325cbf1a63c5d82e6aab530c
parent 7c20ab3e
+1 −5
@@ -54,11 +54,7 @@ static void drop_capabilities_bounding_set_if_needed() {
        }

        int err = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);

        // Some kernels don't have file capabilities compiled in, and
        // prctl(PR_CAPBSET_DROP) returns EINVAL. Don't automatically
        // die when we see such misconfigured kernels.
        if ((err < 0) && (errno != EINVAL)) {
        if (err < 0) {
            PLOG(FATAL) << "Could not drop capabilities";
        }
    }
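Review bot: the fatal message under `if (err < 0)` does not say which capability failed to drop. Now that EINVAL is no longer tolerated, a kernel without file capabilities makes adbd abort at this point, and the log line is the only diagnostic; consider `PLOG(FATAL) << "Could not drop capability " << i;` so the index appears alongside the errno string. A one-line comment stating that EINVAL is fatal on purpose would also help, since the removed comment was the only in-code explanation of that case.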