commit 4159aedfaa35e9a41ba9478b7bb00f661c6646d3
author Dees Troy <dees_troy@teamw.in> Fri Feb 28 17:24:43 2014 +0000
committer Dees Troy <dees_troy@teamw.in> Fri Feb 28 17:59:04 2014 +0000
tree cdc9caa6ba475f7bf520c19161b6d872c3b38631
parent 5e73cc7703ef8ed8f08cc6e8704349e1ec374334

Restore capabilities to run-as binary

Change-Id: I9e2b8e9b69c94b94c57143c04b950530490ec33e

partition.cpp

diff --git a/partition.cpp b/partition.cpp
index 57a6923..172633c 100644
--- a/partition.cpp
+++ b/partition.cpp
@@ -63,6 +63,11 @@
 #include "selinux/selinux.h"
 #include <selinux/label.h>
 #endif
+#ifdef HAVE_CAPABILITIES
+#include <sys/capability.h>
+#include <sys/xattr.h>
+#include <linux/xattr.h>
+#endif
 
 using namespace std;
 
@@ -1699,6 +1704,7 @@
 	string Full_FileName, Command;
 	int index = 0;
 	char split_index[5];
+	bool ret = false;
 
 	if (Has_Android_Secure) {
 		if (!Wipe_AndSec())
@@ -1726,8 +1732,29 @@
 		tar.setpassword(Password);
 #endif
 	if (tar.extractTarFork() != 0)
-		return false;
-	return true;
+		ret = false;
+	else
+		ret = true;
+#ifdef HAVE_CAPABILITIES
+	// Restore capabilities to the run-as binary
+	if (Mount_Point == "/system" && Mount(true) && TWFunc::Path_Exists("/system/bin/run-as")) {
+		struct vfs_cap_data cap_data;
+		uint64_t capabilities = (1 << CAP_SETUID) | (1 << CAP_SETGID);
+
+		memset(&cap_data, 0, sizeof(cap_data));
+		cap_data.magic_etc = VFS_CAP_REVISION | VFS_CAP_FLAGS_EFFECTIVE;
+		cap_data.data[0].permitted = (uint32_t) (capabilities & 0xffffffff);
+		cap_data.data[0].inheritable = 0;
+		cap_data.data[1].permitted = (uint32_t) (capabilities >> 32);
+		cap_data.data[1].inheritable = 0;
+		if (setxattr("/system/bin/run-as", XATTR_NAME_CAPS, &cap_data, sizeof(cap_data), 0) < 0) {
+			LOGINFO("Failed to reset capabilities of /system/bin/run-as binary.\n");
+		} else {
+			LOGINFO("Reset capabilities of /system/bin/run-as binary successful.\n");
+		}
+	}
+#endif
+	return ret;
 }
 
 bool TWPartition::Restore_DD(string restore_folder) {