Zygote: Fix dropping capabilities in containers

Casting a int to long will sign-extend it, so if capability bit 31 was set the bitmask would always have all the upper 32 bits set, failing to drop any of the upper capabilities. Instead of plain casting, use Integer.toUnsignedLong to always zero-extend the bitmask Change-Id: I9b4c9273e8eb09f7e231b5c579e7906d05b6e475
author: Alessandro Astone <ales.astone@gmail.com> 2023-03-13 01:09:38 +0100
committer: Alessandro Astone <ales.astone@gmail.com> 2023-03-13 13:49:08 +0100
commit: cf2a3f6eb5016803d99991f6e1f204aacb9d4bdb (patch)
tree: e28a582418d35ae641cf31921bb02a265e5b9bdb
parent: 1ae5b8e863b79447d6d083adaeeee14bdbca6b78 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
index 076e4e118e66..2db9e0918d72 100644
--- a/core/java/com/android/internal/os/ZygoteInit.java
+++ b/core/java/com/android/internal/os/ZygoteInit.java
@@ -716,7 +716,8 @@ public class ZygoteInit {
         } catch (ErrnoException ex) {
             throw new RuntimeException("Failed to capget()", ex);
         }
-        capabilities &= ((long) data[0].effective) | (((long) data[1].effective) << 32);
+        capabilities &= Integer.toUnsignedLong(data[0].effective) |
+                (Integer.toUnsignedLong(data[1].effective) << 32);
 
         /* Hardcoded command line to start the system server */
         String[] args = {
author	Alessandro Astone <ales.astone@gmail.com>	2023-03-13 01:09:38 +0100
committer	Alessandro Astone <ales.astone@gmail.com>	2023-03-13 13:49:08 +0100
commit	cf2a3f6eb5016803d99991f6e1f204aacb9d4bdb (patch)
tree	e28a582418d35ae641cf31921bb02a265e5b9bdb
parent	1ae5b8e863b79447d6d083adaeeee14bdbca6b78 (diff)