From 9f75a035713d216469f1cabfe4a65f7864e2145a Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Tue, 15 Dec 2015 16:51:49 -0800
Subject: [PATCH] adbd: make a PR_CAPBSET_DROP error fatal.
Back in 080427e4e2b1b72718b660e16b6cf38b3a3c4e3f, we said: If the kernel doesn't support file capabilities, we ignore a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could become a fatal error. Make it a fatal error. With SELinux support, all devices are required to support file capabilities.
Change-Id: I0ce0c4cb9387c42e325cbf1a63c5d82e6aab530c
---
 adb/daemon/main.cpp | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index feea7a3a8..218c1d0bb 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp
@@ -54,11 +54,7 @@ static void drop_capabilities_bounding_set_if_needed() {
 }
 int err = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
-
-// Some kernels don't have file capabilities compiled in, and
-// prctl(PR_CAPBSET_DROP) returns EINVAL. Don't automatically
-// die when we see such misconfigured kernels.
-if ((err < 0) && (errno != EINVAL)) {
+if (err < 0) {
 PLOG(FATAL) << "Could not drop capabilities";
 }
 }
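Review bot: The now-unconditional abort at `if (err < 0)` is left without any comment, and its fatal message does not say which capability could not be dropped. The removed comment was the only explanation of the error handling here, so I would replace it with the new rationale, e.g. `// Fail closed: a capability left in the bounding set can be regained across exec.` Per the commit message, a kernel without file capabilities returns EINVAL from this call, so adbd will now die at startup on such a device and the log line is the only clue for whoever debugs it. Including the index would help, e.g. `PLOG(FATAL) << "Could not drop capability " << i;` (`i` is presumably the loop's capability number). The loop header and the start of `drop_capabilities_bounding_set_if_needed` are outside the hunk.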