am 50289346: am a6436526: Merge "Human-readable POSIX capabilities for SystemServer."

* commit '50289346b3010e24b6a7b86a774d88b81fc28f3b': Human-readable POSIX capabilities for SystemServer.
author: Alex Klyubin <klyubin@google.com> 2013-04-23 23:49:14 -0700
committer: Android Git Automerger <android-git-automerger@android.com> 2013-04-23 23:49:14 -0700
commit: c56b831a1f6f044451df69aafaea1b37c780a360 (patch)
tree: 611cdaaff8c0e6082b249465ae44b7b68b48c610
parent: b58121c350f605c9fec2f75cbcb1f05a289d8ab0 (diff)
parent: 50289346b3010e24b6a7b86a774d88b81fc28f3b (diff)
download: frameworks_base-c56b831a1f6f044451df69aafaea1b37c780a360.zip
frameworks_base-c56b831a1f6f044451df69aafaea1b37c780a360.tar.gz
frameworks_base-c56b831a1f6f044451df69aafaea1b37c780a360.tar.bz2
1 files changed, 29 insertions, 1 deletions
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
index 2184fd2..fb22df7 100644
--- a/core/java/com/android/internal/os/ZygoteInit.java
+++ b/core/java/com/android/internal/os/ZygoteInit.java
@@ -34,6 +34,7 @@ import dalvik.system.Zygote;
 
 import libcore.io.IoUtils;
 import libcore.io.Libcore;
+import libcore.io.OsConstants;
 
 import java.io.BufferedReader;
 import java.io.FileDescriptor;
@@ -472,12 +473,25 @@ public class ZygoteInit {
      */
     private static boolean startSystemServer()
             throws MethodAndArgsCaller, RuntimeException {
+        long capabilities = posixCapabilitiesAsBits(
+            OsConstants.CAP_KILL,
+            OsConstants.CAP_NET_ADMIN,
+            OsConstants.CAP_NET_BIND_SERVICE,
+            OsConstants.CAP_NET_BROADCAST,
+            OsConstants.CAP_NET_RAW,
+            OsConstants.CAP_SYS_BOOT,
+            OsConstants.CAP_SYS_MODULE,
+            OsConstants.CAP_SYS_NICE,
+            OsConstants.CAP_SYS_RESOURCE,
+            OsConstants.CAP_SYS_TIME,
+            OsConstants.CAP_SYS_TTY_CONFIG
+        );
         /* Hardcoded command line to start the system server */
         String args[] = {
             "--setuid=1000",
             "--setgid=1000",
             "--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,3001,3002,3003,3006,3007",
-            "--capabilities=130104352,130104352",
+            "--capabilities=" + capabilities + "," + capabilities,
             "--runtime-init",
             "--nice-name=system_server",
             "com.android.server.SystemServer",
@@ -511,6 +525,20 @@ public class ZygoteInit {
         return true;
     }
 
+    /**
+     * Gets the bit array representation of the provided list of POSIX capabilities.
+     */
+    private static long posixCapabilitiesAsBits(int... capabilities) {
+        long result = 0;
+        for (int capability : capabilities) {
+            if ((capability < 0) || (capability > OsConstants.CAP_LAST_CAP)) {
+                throw new IllegalArgumentException(String.valueOf(capability));
+            }
+            result |= (1L << capability);
+        }
+        return result;
+    }
+
     public static void main(String argv[]) {
         try {
             // Start profiling the zygote initialization.
author	Alex Klyubin <klyubin@google.com>	2013-04-23 23:49:14 -0700
committer	Android Git Automerger <android-git-automerger@android.com>	2013-04-23 23:49:14 -0700
commit	c56b831a1f6f044451df69aafaea1b37c780a360 (patch)
tree	611cdaaff8c0e6082b249465ae44b7b68b48c610
parent	b58121c350f605c9fec2f75cbcb1f05a289d8ab0 (diff)
parent	50289346b3010e24b6a7b86a774d88b81fc28f3b (diff)
download	frameworks_base-c56b831a1f6f044451df69aafaea1b37c780a360.zip frameworks_base-c56b831a1f6f044451df69aafaea1b37c780a360.tar.gz frameworks_base-c56b831a1f6f044451df69aafaea1b37c780a360.tar.bz2