Android p preview 2
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Skip dropping the bounding set without SECURE_NOROOT.
If we're asked to skip setting *and* locking the SECURE_NOROOT
securebit, also skip dropping the bounding set. If the caller wants to
regain all capabilities when executing a set-user-ID-root program,
allow them to do so. The default behavior (i.e. the behavior without
|securebits_skip_mask| set) will still put the jailed process tree in a
This will allow giving powerd on Chrome OS some capabilities without
breaking other things.
Test: New unit tests.
Test: Ad-hoc with fork+exec program + setuid program + -B 0x3
Test: Setuid program is able to keep all caps.
5 files changed