diff --git a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
index 614d46b..d410776 100644
--- a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
+++ b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
@@ -281,7 +281,7 @@ static bool EnableKeepCapabilities(std::string* error_msg) {
}
static bool DropCapabilitiesBoundingSet(std::string* error_msg) {
- for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
+ /* for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
if (rc == -1) {
if (errno == EINVAL) {
@@ -292,7 +292,7 @@ static bool DropCapabilitiesBoundingSet(std::string* error_msg) {
return false;
}
}
- }
+ }*/
return true;
}
diff --git a/kernel-4.4/security/commoncap.c b/kernel-4.4/security/commoncap.c
index 7fa251a..c1f995d 100644
--- a/kernel-4.4/security/commoncap.c
+++ b/kernel-4.4/security/commoncap.c
@@ -880,12 +880,12 @@ int cap_task_setnice(struct task_struct *p, int nice)
static int cap_prctl_drop(unsigned long cap)
{
struct cred *new;
-
+/*
if (!ns_capable(current_user_ns(), CAP_SETPCAP))
return -EPERM;
if (!cap_valid(cap))
return -EINVAL;
-
+*/
new = prepare_creds();
if (!new)
return -ENOMEM;
diff --git a/system/core/libcutils/fs_config.cpp b/system/core/libcutils/fs_config.cpp
index 5b79b1d..27e5c0f 100644
--- a/system/core/libcutils/fs_config.cpp
+++ b/system/core/libcutils/fs_config.cpp
@@ -173,8 +173,8 @@ static const struct fs_path_config android_files[] = {
// the following two files are INTENTIONALLY set-uid, but they
// are NOT included on user builds.
{ 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
- { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
-
+// { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
+ { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
// the following files have enhanced capabilities and ARE included
// in user builds.
{ 00700, AID_SYSTEM, AID_SHELL, CAP_MASK_LONG(CAP_BLOCK_SUSPEND),
diff --git a/system/extras/su/su.cpp b/system/extras/su/su.cpp
index f3e4ff0..00a41a4 100644
--- a/system/extras/su/su.cpp
+++ b/system/extras/su/su.cpp
@@ -80,8 +80,8 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i
}
int main(int argc, char** argv) {
- uid_t current_uid = getuid();
- if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+ //uid_t current_uid = getuid();
+ //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
// Handle -h and --help.
++argv;
这篇博客探讨了Android内核中Zygote进程如何影响权限管理,涉及prctl函数的使用以及DropCapabilities操作。重点讲述了`com_android_internal_os_Zygote.cpp`和`commoncap.c`文件的改动,展示了在设置和限制用户权限方面的最新进展。同时提到了su工具和文件权限的变化,暗示了Android系统的安全增强措施。
3702
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
