Google Git
Sign in
android / platform / external / minijail / a6eb21a9b410cfd8c8f48177816b0f671d6cd4c5
commita6eb21a9b410cfd8c8f48177816b0f671d6cd4c5[log] [tgz]
authorJorge Lucangeli Obes <jorgelo@google.com>Thu Apr 20 10:44:00 2017 -0400
committerJorge Lucangeli Obes <jorgelo@google.com>Tue Apr 25 13:59:47 2017 -0400
treec530bcbea9fb4c7dbcdc11d20ae671f836ec3996
parent0b20877d6712e175c7bdd0943c0ffbfd99fc42b4 [diff]
Implement initial ambient capabilities support.

Credit to Brian McGillion for the initial implementation (in
https://android-review.googlesource.com/#/c/302756/).

Current support allows callers to also set ambient capabilities when
using regular capabilities. A follow-up CL will clean up the preloading
situation wrt ambient capabilities.

Bug: 32066154
Test: Use 'drop_privs' executable, check that it gets ambient caps.
Change-Id: If493fb5886fe9798436a749b7ebdbc04f00000b6
5 files changed
tree: c530bcbea9fb4c7dbcdc11d20ae671f836ec3996
  1. examples/
  2. linux-x86/
  3. test/
  4. tools/
  5. .clang-format
  6. .gitignore
  7. Android.mk
  8. AndroidTest.xml
  9. arch.h
  10. bpf.c
  11. bpf.h
  12. common.mk
  13. CPPLINT.cfg
  14. elfparse.c
  15. elfparse.h
  16. gen_constants.sh
  17. gen_syscalls.sh
  18. get_googletest.sh
  19. HACKING
  20. libconstants.h
  21. libminijail-private.h
  22. libminijail.c
  23. libminijail.h
  24. libminijail.pc.in
  25. libminijail_unittest.cc
  26. libminijailpreload.c
  27. libsyscalls.h
  28. Makefile
  29. minijail0.1
  30. minijail0.5
  31. minijail0.c
  32. MODULE_LICENSE_BSD
  33. NOTICE
  34. OWNERS
  35. parse_seccomp_policy.cc
  36. platform2_preinstall.sh
  37. PRESUBMIT.cfg
  38. PREUPLOAD.cfg
  39. scoped_minijail.h
  40. signal_handler.c
  41. signal_handler.h
  42. syscall_filter.c
  43. syscall_filter.h
  44. syscall_filter_unittest.cc
  45. syscall_filter_unittest_macros.h
  46. syscall_wrapper.c
  47. syscall_wrapper.h
  48. system.c
  49. system.h
  50. test_harness.h
  51. util.c
  52. util.h