Add support for dropping capabilities from the bounding set.

Android daemons such as adbd need to drop capabilities from their
bounding sets (to prevent processes they launch from gaining privileges
through file capabilities), but not from their runtime
(permitted|inheritable|effective) sets. Add support for this and rename
some capability-related code to make things clearer.

While in there, fix a comment in the Android makefile.

Bug: 27274137
Change-Id: I7cab7e3302bb34cd7859b9621906391104bf6b4e
diff --git a/libminijail.h b/libminijail.h
index b0ca61d..8bd8b39 100644
--- a/libminijail.h
+++ b/libminijail.h
@@ -52,7 +52,9 @@
 void minijail_use_seccomp_filter(struct minijail *j);
 void minijail_parse_seccomp_filters(struct minijail *j, const char *path);
 void minijail_log_seccomp_filter_failures(struct minijail *j);
+/* 'minijail_use_caps' and 'minijail_capbset_drop' are mutually exclusive. */
 void minijail_use_caps(struct minijail *j, uint64_t capmask);
+void minijail_capbset_drop(struct minijail *j, uint64_t capmask);
 void minijail_reset_signal_mask(struct minijail *j);
 void minijail_namespace_vfs(struct minijail *j);
 void minijail_namespace_enter_vfs(struct minijail *j, const char *ns_path);
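Review bot: The new comment above `minijail_use_caps`/`minijail_capbset_drop` states that the two calls are mutually exclusive but leaves the contract underspecified: it does not say what happens when both are called on the same jail (is it rejected, does the later call win, or is it undefined), and the `minijail_capbset_drop` declaration does not say whether `capmask` is the set of capabilities to drop from the bounding set or the set to retain. Since `minijail_use_caps(j, capmask)` uses the same parameter name with (per the commit message) the opposite sense of "what remains", a reader of the header alone will likely guess wrong. Suggest documenting this at the declaration, along the lines of `/* Drops every capability in capmask from the bounding set only; the */` `/* permitted/inheritable/effective sets are left unchanged. Not to be */` `/* combined with minijail_use_caps (behaviour when both are set: ...). */`, with the parenthetical filled in to match what libminijail.c actually enforces.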