
Commit c10e1411 authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review

Merge "init: Read previous state of securebits before modifying"

parents c997cd64 f5965519
+9 −2
@@ -235,8 +235,15 @@ void Service::KillProcessGroup(int signal) {
void Service::SetProcessAttributes() {
    // Keep capabilites on uid change.
    if (capabilities_.any() && uid_) {
        if (prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS | SECBIT_KEEP_CAPS_LOCKED) != 0) {
            PLOG(FATAL) << "prtcl(PR_SET_KEEPCAPS) failed for " << name_;
        // If Android is running in a container, some securebits might already
        // be locked, so don't change those.
        int64_t securebits = prctl(PR_GET_SECUREBITS);
        if (securebits == -1) {
            PLOG(FATAL) << "prctl(PR_GET_SECUREBITS) failed for " << name_;
        }
        securebits |= SECBIT_KEEP_CAPS | SECBIT_KEEP_CAPS_LOCKED;
        if (prctl(PR_SET_SECUREBITS, securebits) != 0) {
            PLOG(FATAL) << "prctl(PR_SET_SECUREBITS) failed for " << name_;
        }
    }
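Review bot: In the added lines, `securebits` is an `int64_t` that is then handed to the variadic `prctl(PR_SET_SECUREBITS, securebits)`, whose arguments after the option are read as `unsigned long`. On a 32-bit build those widths differ, so the mask the kernel receives may not be the one computed here; a wrong mask could either trip the `PLOG(FATAL)` or leave the keep-caps bit unset before the uid change. Declaring the variable with the width the call expects avoids this: `unsigned long securebits = prctl(PR_GET_SECUREBITS);` with the failure test written as `if (securebits == -1UL) {`. SetProcessAttributes continues past the end of this hunk, so the later uid and capability handling is not covered by this note.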