commit 43e29b3551479dd6d989b830eacd1abbd83592cc
author Jorge Lucangeli Obes <jorgelo@google.com> Tue Dec 08 21:07:14 2015 -0800
committer Jorge Lucangeli Obes <jorgelo@google.com> Wed Dec 09 13:28:13 2015 -0800
tree ee48a871ff2c83e74998caadbfe43579f6d12aee
parent b845b15da9d2611608b6492abebdb25e12b55c73

Add libminijail static library target.

This will be used for statically-linked binaries on Android.

Also, fix the call to get_last_valid_cap() to only happen when we're
dropping capabilities.

Bug: 26099386
Change-Id: I741390b6b356592ec9bdfe54b04d23feab5702aa

libminijail.c

diff --git a/libminijail.c b/libminijail.c
index 6de6b6a..8b8100e 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -1145,10 +1145,12 @@
 void API minijail_enter(const struct minijail *j)
 {
 	/*
-	 * Get the last valid cap from /proc, since /proc can be unmounted
-	 * before drop_caps().
+	 * If we're dropping caps, get the last valid cap from /proc now,
+	 * since /proc can be unmounted before drop_caps() is called.
 	 */
-	unsigned int last_valid_cap = get_last_valid_cap();
+	unsigned int last_valid_cap = 0;
+	if (j->flags.caps)
+		last_valid_cap = get_last_valid_cap();
 
 	if (j->flags.pids)
 		die("tried to enter a pid-namespaced jail;"