From 65b8d749f71d7962831e87600dd6137566c3c281 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Mon, 27 Nov 2017 13:34:19 -0800 Subject: [PATCH] Standarize on VFS_CAP_REVISION_2 In https://github.com/torvalds/linux/commit/8db6c34f1dbc8 , namespaced file capabilities were introduced. That change updated VFS_CAP_REVISION from VFS_CAP_REVISION_2 to VFS_CAP_REVISION_3. Android code is written assuming v2 capabilities, and the code will break if we naively try to treat a v2 structure as a v3 structure. So don't even try. Android kernels prior to v4.14 will not support this extended capability structure, so attempting to set such capabilities will ultimately fail. With 8db6c34f1dbc8, it appears that attempting to read a v3 capabilities xattr will always downgrade the capability to a v2 capability, so it really doesn't make sense to look for a v3 capability. Android capabilities are only created at /system and /vendor filesystem creation time by host tools. Android processes, within or outside a namespace, are not permitted CAP_SETFCAP (https://android-review.googlesource.com/c/platform/system/sepolicy/+/547801/1/public/domain.te line 1101). So we should never have to deal with a v3 capability other than those that might appear on the /system / /vendor partition at a future date by a future author. Bug: 69617725 Test: build/test/boot/CTS passes Change-Id: I0378b3f1195dc62dbeb771944ab378c881441118 --- adb/file_sync_service.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adb/file_sync_service.cpp b/adb/file_sync_service.cpp index c6f3e6691..9a87931a3 100644 --- a/adb/file_sync_service.cpp +++ b/adb/file_sync_service.cpp @@ -62,7 +62,7 @@ static bool update_capabilities(const char* path, uint64_t capabilities) { } vfs_cap_data cap_data = {}; - cap_data.magic_etc = VFS_CAP_REVISION | VFS_CAP_FLAGS_EFFECTIVE; + cap_data.magic_etc = VFS_CAP_REVISION_2 | VFS_CAP_FLAGS_EFFECTIVE; cap_data.data[0].permitted = (capabilities & 0xffffffff); cap_data.data[0].inheritable = 0; cap_data.data[1].permitted = (capabilities >> 32);