1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
4:59:16 liuyq: hisilicon$ grep -rn 'LSM_HOOK_INIT(capset' security/
security/commoncap.c:1092: LSM_HOOK_INIT(capset, cap_capset),
security/selinux/hooks.c:6090: LSM_HOOK_INIT(capset, selinux_capset),
14:59:17 liuyq: hisilicon$
security/security.c:
int security_capset(struct cred *new, const struct cred *old,
const kernel_cap_t *effective,
const kernel_cap_t *inheritable,
const kernel_cap_t *permitted) {
return call_int_hook(capset, 0, new, old, effective, inheritable, permitted);
}
kernel/capability.c:
SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data){
....
ret = security_capset(new, current_cred(), &effective, &inheritable, &permitted);
if (ret < 0) goto error;
....
}
external/libcap
0:30:01 liuyq: master$ grep -rn CAP_AUDIT_CONTROL system/core/
system/core/logd/main.cpp:129: auditd ? CAP_AUDIT_CONTROL : CAP_SETGID };
system/core/logd/main.cpp:140: "failed to set CAP_SETGID, CAP_SYSLOG or CAP_AUDIT_CONTROL (%d)",
system/core/libcutils/include/private/android_filesystem_capability.h:102:#define CAP_AUDIT_CONTROL 30
system/core/libcutils/fs_config.cpp:185: CAP_MASK_LONG(CAP_AUDIT_CONTROL) |
10:30:07 liuyq: master$
static const struct fs_path_config android_files[] = {
...
{ 00550, AID_LOGD, AID_LOGD, CAP_MASK_LONG(CAP_SYSLOG) |
CAP_MASK_LONG(CAP_AUDIT_CONTROL) |
CAP_MASK_LONG(CAP_SETGID),
"system/bin/logd" },
...
}
|