Use init to set capabilities With the minijail code the groups set in the rild.rc are lost when switching user. The reason for starting as root was to be able to set capabilities, since that code was written init has gain the ability to set capabilities at service declaration so use that instead so we dont even have to start as root. Test: cat /proc/`pgrep rild`/status Before change: Name: rild ... Uid: 1001 1001 1001 1001 Gid: 1001 1001 1001 1001 ... Groups: ... CapInh: 0000001000003000 CapPrm: 0000001000003000 CapEff: 0000001000003000 CapBnd: 0000001000003000 CapAmb: 0000000000000000 ... After change: Name: rild ... Uid: 1001 1001 1001 1001 Gid: 1001 1001 1001 1001 ... Groups: 1005 1007 2001 3003 3009 3010 9998 ... CapInh: 0000001000003000 CapPrm: 0000001000003000 CapEff: 0000001000003000 CapBnd: 0000001000003000 CapAmb: 0000001000003000 ... Bug: 33443755 Change-Id: Iac8aea697ac24417edecb4c0061e56821d3dc59e

commit: aafb4e2754ad2a15fedb0efe0faf97d8c259380b [log] [tgz]
author: Johan Redestig <johan.redestig@sonymobile.com> Wed Nov 30 12:55:42 2016 +0100
committer: Jorge Lucangeli Obes <jorgelo@google.com> Tue Dec 13 11:14:15 2016 -0500
tree: f4e2b429ef581a23c1ed3d88475c56b0b4f50b62
parent: 0078c8d7997afae1f9a250e3e03a474697098a4a [diff]
diff --git a/rild/Android.mk b/rild/Android.mk
index 37f1153..152266c 100644
--- a/rild/Android.mk
+++ b/rild/Android.mk

@@ -10,7 +10,6 @@
 	libcutils \
 	libdl \
 	liblog \
-	libminijail \
 	libril
 
 # Temporary hack for broken vendor RILs.

diff --git a/rild/rild.c b/rild/rild.c
index dec950e..50710d6 100644
--- a/rild/rild.c
+++ b/rild/rild.c

@@ -33,7 +33,6 @@
 #include <sys/prctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-#include <libminijail.h>
 #include <libril/ril_ex.h>
 
 #include <private/android_filesystem_config.h>
@@ -41,7 +40,6 @@
 #define LIB_PATH_PROPERTY   "rild.libpath"
 #define LIB_ARGS_PROPERTY   "rild.libargs"
 #define MAX_LIB_ARGS        16
-#define MAX_CAP_NUM         (CAP_TO_INDEX(CAP_LAST_CAP) + 1)
 
 static void usage(const char *argv0) {
     fprintf(stderr, "Usage: %s -l <ril impl library> [-- <args for impl library>]\n", argv0);
@@ -97,31 +95,6 @@
     return count;
 }
 
-/*
- * switchUser - Switches UID to radio, preserving CAP_NET_ADMIN capabilities.
- * Our group, cache, was set by init.
- */
-void switchUser() {
-    char debuggable[PROP_VALUE_MAX];
-    struct minijail *j = minijail_new();
-    minijail_change_uid(j, AID_RADIO);
-    minijail_use_caps(j, CAP_MASK_LONG(CAP_BLOCK_SUSPEND) |
-                         CAP_MASK_LONG(CAP_NET_ADMIN) |
-                         CAP_MASK_LONG(CAP_NET_RAW));
-
-    minijail_enter(j);
-    minijail_destroy(j);
-
-    /*
-     * Debuggable build only:
-     * Set DUMPABLE that was cleared by setuid() to have tombstone on RIL crash
-     */
-    property_get("ro.debuggable", debuggable, "0");
-    if (strcmp(debuggable, "1") == 0) {
-        prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
-    }
-}
-
 int main(int argc, char **argv) {
     const char *rilLibPath = NULL;
     char **rilArgv;
@@ -177,8 +150,6 @@
         }
     }
 
-    switchUser();
-
     dlHandle = dlopen(rilLibPath, RTLD_NOW);
 
     if (dlHandle == NULL) {

diff --git a/rild/rild.rc b/rild/rild.rc
index 35b424f..a9ffe11 100644
--- a/rild/rild.rc
+++ b/rild/rild.rc

@@ -3,5 +3,6 @@
     socket rild stream 660 root radio
     socket sap_uim_socket1 stream 660 bluetooth bluetooth
     socket rild-debug stream 660 radio system
-    user root
+    user radio
     group radio cache inet misc audio log readproc wakelock
+    capabilities BLOCK_SUSPEND NET_ADMIN NET_RAW
commit	aafb4e2754ad2a15fedb0efe0faf97d8c259380b	[log] [tgz]
author	Johan Redestig <johan.redestig@sonymobile.com>	Wed Nov 30 12:55:42 2016 +0100
committer	Jorge Lucangeli Obes <jorgelo@google.com>	Tue Dec 13 11:14:15 2016 -0500
tree	f4e2b429ef581a23c1ed3d88475c56b0b4f50b62
parent	0078c8d7997afae1f9a250e3e03a474697098a4a [diff]