toolbox: Make reboot a separate command from toolbox

Set the CAP_SYS_BOOT filesystem capability on the new reboot
command and keep CAP_SYS_BOOT in the adb capability bounding set so
that the shell user can run it.

Change-Id: I1dd6143445ee2a952254f0452ab6e544318431dd
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 8611d3b..74ec29d 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -50,3 +50,4 @@
 
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/init.rc)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/init.rc)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/bin/reboot)
diff --git a/adb/adb.c b/adb/adb.c
index d2a2d27..93a9334 100644
--- a/adb/adb.c
+++ b/adb/adb.c
@@ -1195,8 +1195,9 @@
 #endif
     int i;
     for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
-        if ((i == CAP_SETUID) || (i == CAP_SETGID)) {
+        if (i == CAP_SETUID || i == CAP_SETGID || i == CAP_SYS_BOOT) {
             // CAP_SETUID CAP_SETGID needed by /system/bin/run-as
+            // CAP_SYS_BOOT          needed by /system/bin/reboot
             continue;
         }
         int err = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
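Review bot: The comment on the exemption list names the binary that needs each capability but does not say why leaving it in the bounding set is acceptable, and the list now has to stay in step with the capability entries in android_filesystem_config.h. The bounding set is only a ceiling on what a later exec can acquire, so the shell gets CAP_SYS_BOOT solely through the file capability on /system/bin/reboot; a line such as `// Kept caps are only a ceiling; they are granted by file capabilities in android_filesystem_config.h` would record that. CAP_SYS_BOOT also gates kexec_load(2), not just reboot(2), so any binary later given this file capability would get both. The enclosing function begins and ends outside the hunk.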
diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h
index 540318f..850e0bd 100644
--- a/include/private/android_filesystem_config.h
+++ b/include/private/android_filesystem_config.h
@@ -228,8 +228,9 @@
     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/tcpdump" },
     { 04770, AID_ROOT,      AID_RADIO,     0, "system/bin/pppd-ril" },
 
-    /* the following file has enhanced capabilities and IS included in user builds. */
+    /* the following files have enhanced capabilities and ARE included in user builds. */
     { 00750, AID_ROOT,      AID_SHELL,     (1 << CAP_SETUID) | (1 << CAP_SETGID), "system/bin/run-as" },
+    { 00750, AID_ROOT,      AID_SHELL,     1 << CAP_SYS_BOOT, "system/bin/reboot" },
 
     { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/*" },
     { 00755, AID_ROOT,      AID_ROOT,      0, "system/lib/valgrind/*" },
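Review bot: The new `system/bin/reboot` entry makes that binary a privileged entry point for every process in the shell group, and this commit does not show how it treats its arguments. With mode 00750 root:shell and `1 << CAP_SYS_BOOT`, caller-controlled argv reaches code that runs with the capability. Only the `getopt(argc, argv, "np")` loop of reboot.c is visible here, so it is worth confirming that any remaining argument is validated and length-bounded before it is passed to the reboot call. For consistency with the run-as line above it, the mask could be parenthesised as `(1 << CAP_SYS_BOOT)`. The table this entry belongs to starts and ends outside the hunk.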
diff --git a/reboot/Android.mk b/reboot/Android.mk
new file mode 100644
index 0000000..4db0c1e
--- /dev/null
+++ b/reboot/Android.mk
@@ -0,0 +1,12 @@
+# Copyright 2013 The Android Open Source Project
+
+LOCAL_PATH:= $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES:= reboot.c
+
+LOCAL_SHARED_LIBRARIES:= libcutils
+
+LOCAL_MODULE:= reboot
+
+include $(BUILD_EXECUTABLE)
diff --git a/toolbox/reboot.c b/reboot/reboot.c
similarity index 66%
rename from toolbox/reboot.c
rename to reboot/reboot.c
index f8546de..45d8a8e 100644
--- a/toolbox/reboot.c
+++ b/reboot/reboot.c
@@ -1,10 +1,26 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <cutils/android_reboot.h>
 #include <unistd.h>
 
-int reboot_main(int argc, char *argv[])
+int main(int argc, char *argv[])
 {
     int ret;
     int nosync = 0;
@@ -16,11 +32,11 @@
         int c;
 
         c = getopt(argc, argv, "np");
-        
+
         if (c == EOF) {
             break;
         }
-        
+
         switch (c) {
         case 'n':
             nosync = 1;
diff --git a/toolbox/Android.mk b/toolbox/Android.mk
index 2ecb626..677539f 100644
--- a/toolbox/Android.mk
+++ b/toolbox/Android.mk
@@ -16,7 +16,6 @@
 	rm \
 	mkdir \
 	rmdir \
-	reboot \
 	getevent \
 	sendevent \
 	date \