logd: auditd + klogd control CAPS
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-testsa
Bug: 32450474
Change-Id: Icdaf9e352e86c9e140928509201da743004aeedb
diff --git a/logd/main.cpp b/logd/main.cpp
index 770aa25..99ad080 100644
--- a/logd/main.cpp
+++ b/logd/main.cpp
@@ -89,7 +89,7 @@
// logd
//
-static int drop_privs() {
+static int drop_privs(bool klogd, bool auditd) {
struct sched_param param;
memset(¶m, 0, sizeof(param));
@@ -119,8 +119,8 @@
if (cap_clear(caps.get()) < 0) return -1;
cap_value_t cap_value[] = {
CAP_SETGID, // must be first for below
- CAP_SYSLOG,
- CAP_AUDIT_CONTROL
+ klogd ? CAP_SYSLOG : CAP_SETGID,
+ auditd ? CAP_AUDIT_CONTROL : CAP_SETGID
};
if (cap_set_flag(caps.get(), CAP_PERMITTED,
arraysize(cap_value), cap_value,
@@ -444,7 +444,10 @@
pthread_attr_destroy(&attr);
}
- if (drop_privs() != 0) {
+ bool auditd = __android_logger_property_get_bool("logd.auditd",
+ BOOL_DEFAULT_TRUE |
+ BOOL_DEFAULT_FLAG_PERSIST);
+ if (drop_privs(klogd, auditd) != 0) {
return -1;
}
@@ -499,9 +502,6 @@
// initiated log messages. New log entries are added to LogBuffer
// and LogReader is notified to send updates to connected clients.
- bool auditd = __android_logger_property_get_bool("logd.auditd",
- BOOL_DEFAULT_TRUE |
- BOOL_DEFAULT_FLAG_PERSIST);
LogAudit *al = NULL;
if (auditd) {
al = new LogAudit(logBuf, reader,