am a6436526: Merge "Human-readable POSIX capabilities for SystemServer."

* commit 'a643652680486bd1009248d1bd8fcea7da92d661': Human-readable POSIX capabilities for SystemServer.
2013-04-23 23:46:25 -07:00
parent ca9904d021 a643652680
commit 50289346b3
1 changed files with 29 additions and 1 deletions
--- a/core/java/com/android/internal/os/ZygoteInit.java
+++ b/core/java/com/android/internal/os/ZygoteInit.java
@@ -34,6 +34,7 @@ import dalvik.system.Zygote;

 import libcore.io.IoUtils;
 import libcore.io.Libcore;
+import libcore.io.OsConstants;

 import java.io.BufferedReader;
 import java.io.FileDescriptor;
@@ -472,12 +473,25 @@ public class ZygoteInit {
     */
    private static boolean startSystemServer()
            throws MethodAndArgsCaller, RuntimeException {
+        long capabilities = posixCapabilitiesAsBits(
+            OsConstants.CAP_KILL,
+            OsConstants.CAP_NET_ADMIN,
+            OsConstants.CAP_NET_BIND_SERVICE,
+            OsConstants.CAP_NET_BROADCAST,
+            OsConstants.CAP_NET_RAW,
+            OsConstants.CAP_SYS_BOOT,
+            OsConstants.CAP_SYS_MODULE,
+            OsConstants.CAP_SYS_NICE,
+            OsConstants.CAP_SYS_RESOURCE,
+            OsConstants.CAP_SYS_TIME,
+            OsConstants.CAP_SYS_TTY_CONFIG
+        );
        /* Hardcoded command line to start the system server */
        String args[] = {
            "--setuid=1000",
            "--setgid=1000",
            "--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,3001,3002,3003,3006,3007",
-            "--capabilities=130104352,130104352",
+            "--capabilities=" + capabilities + "," + capabilities,
            "--runtime-init",
            "--nice-name=system_server",
            "com.android.server.SystemServer",
@@ -511,6 +525,20 @@ public class ZygoteInit {
        return true;
    }

+    /**
+     * Gets the bit array representation of the provided list of POSIX capabilities.
+     */
+    private static long posixCapabilitiesAsBits(int... capabilities) {
+        long result = 0;
+        for (int capability : capabilities) {
+            if ((capability < 0) || (capability > OsConstants.CAP_LAST_CAP)) {
+                throw new IllegalArgumentException(String.valueOf(capability));
+            }
+            result |= (1L << capability);
+        }
+        return result;
+    }
+
    public static void main(String argv[]) {
        try {
            // Start profiling the zygote initialization.