path: root/src/compiler/codegen/codegen_util.h
author Nick Kralevich <nnk@google.com> 2013-02-13 14:39:17 -0800
committer Nick Kralevich <nnk@google.com> 2013-02-14 13:18:11 -0800
commit a0664bec2dc3e52f7880dd95f7220aa3ef982b34 (patch)
tree 6bafc87df3b1866c8eaceeda064d004e01dd7d1f /src/compiler/codegen/codegen_util.h
parent aeeada47ecd9c6a7f5ea17bb1921d2fdbd394df9 (diff)
Port prctl(PR_CAPBSET_DROP) patches dalvik-dev
A combination of the following two dalvik commits:

* https://android-review.googlesource.com/51731
* https://android-review.googlesource.com/51697

Commit message from c0ecb5bdbf465ef05ed3379c13ff9a4245412ce7

Zygote: limit the bounding capability set to CAP_NET_RAW

Prevent a zygote spawned application from acquiring capabilities other than CAP_NET_RAW. The only Zygote accessible program on Android which grants capabilities is /system/bin/ping (CAP_NET_RAW), so we don't need to keep the other capabilities in our bounding set.

If the kernel doesn't support file capabilities, we end up printing approx 30 lines of warning messages. Hopefully this will encourage kernel developers to upgrade.

In a future change, we can turn a prctl(PR_CAPBSET_DROP) failure into a fatal error.

Commit message from daa97a125fc2caa5faa44a31a768f318a26c7b65

Zygote: address comments from previous review.

Previous review at https://android-review.googlesource.com/51731

Change-Id: If43d049767a9128d73f51076a674f8b87351396d
Diffstat (limited to 'src/compiler/codegen/codegen_util.h')
0 files changed, 0 insertions, 0 deletions
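
The bounding-set restriction described in the commit message, sketched as an added C example; it is not code from this commit or from the Android tree. The names `limit_bounding_set`, `should_keep` and `struct bset_result` are hypothetical, and a failed drop is reported as a warning, matching the behaviour the message describes.

```c
/* Added example: keep only CAP_NET_RAW in the bounding set and warn,
 * rather than abort, when a drop fails. Names here are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/capability.h>

struct bset_result { int total, kept, dropped, failed; };

/* Is capability `cap` set in the 64-bit keep mask? */
static int should_keep(int cap, uint64_t keep_mask) {
    return cap >= 0 && cap < 64 && ((keep_mask >> cap) & 1u);
}

/* Walk the bounding set and drop everything outside keep_mask.
 * PR_CAPBSET_READ fails with EINVAL past the last capability the running
 * kernel knows, which ends the loop without hardcoding a count. */
static struct bset_result limit_bounding_set(uint64_t keep_mask) {
    struct bset_result r = {0, 0, 0, 0};
    for (int cap = 0; cap < 64; cap++) {
        if (prctl(PR_CAPBSET_READ, cap, 0, 0, 0) < 0)
            break;
        r.total++;
        if (should_keep(cap, keep_mask)) { r.kept++; continue; }
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) == 0) { r.dropped++; continue; }
        /* EPERM: caller lacks CAP_SETPCAP.
         * EINVAL: kernel built without file-capability support. */
        r.failed++;
        fprintf(stderr, "PR_CAPBSET_DROP %d failed: %s\n", cap, strerror(errno));
    }
    return r;
}

int main(void) {
    struct bset_result r = limit_bounding_set(1ULL << CAP_NET_RAW);
    printf("total=%d kept=%d dropped=%d failed=%d\n",
           r.total, r.kept, r.dropped, r.failed);
    /* Strict variant: a non-zero exit treats any failed drop as fatal. */
    return r.failed ? 1 : 0;
}
```

Dropping from the bounding set needs CAP_SETPCAP, so an unprivileged run reports every drop as failed; the bounding set is per-thread and inherited across fork, which is why it is applied before application code runs.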