From d32c36c961da82fa0b0e70a80d9a6e62a0551d2a Mon Sep 17 00:00:00 2001
From: Luis Hector Chavez
Date: Fri, 8 Jun 2018 15:00:40 -0700
Subject: [PATCH] logd: Move the capabilities from file based to ambient This change moves logd's capabilities from being file based to being set by init through ambient capabilities. Bug: 62845925 Test: sailfish:/ # grep Cap /proc/`pidof logd`/status CapInh: 0000000000000000 CapPrm: 0000000440000000 CapEff: 0000000440000000 CapBnd: 0000000440000040 CapAmb: 0000000000000000 $ capsh --decode=0x440000040 0x440000040=cap_setgid,cap_audit_control,cap_syslog Test: liblog-unit-tests, logd-unit-tests, logcat-unit-tests Change-Id: I28c7c4ad37ad5eafd399aef78c303ce31298a9ef
---
 libcutils/fs_config.cpp | 5 +----
 logd/logd.rc | 1 +
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp
index 6169324cb..341dfe314 100644
--- a/libcutils/fs_config.cpp
+++ b/libcutils/fs_config.cpp
@@ -154,6 +154,7 @@ static const struct fs_path_config android_files[] = {
 { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump64" },
 { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/debuggerd" },
 { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/install-recovery.sh" },
+ { 00550, AID_LOGD, AID_LOGD, 0, "system/bin/logd" },
 { 00700, AID_ROOT, AID_ROOT, 0, "system/bin/secilc" },
 { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/uncrypt" },
 { 00600, AID_ROOT, AID_ROOT, 0, "system/build.prop" },
@@ -179,10 +180,6 @@ static const struct fs_path_config android_files[] = {
 // in user builds.
 { 00700, AID_SYSTEM, AID_SHELL, CAP_MASK_LONG(CAP_BLOCK_SUSPEND),
 "system/bin/inputflinger" },
- { 00550, AID_LOGD, AID_LOGD, CAP_MASK_LONG(CAP_SYSLOG) |
- CAP_MASK_LONG(CAP_AUDIT_CONTROL) |
- CAP_MASK_LONG(CAP_SETGID),
- "system/bin/logd" },
 { 00550, AID_SYSTEM, AID_LOG, CAP_MASK_LONG(CAP_SYSLOG),
 "system/bin/bootstat" },
 { 00750, AID_ROOT, AID_SHELL, CAP_MASK_LONG(CAP_SETUID) |
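Review bot: The re-added `system/bin/logd` entry in the first hunk carries a capability field of `0` with nothing at that spot saying the value is deliberate. After this change the three capabilities come from the `capabilities` line in logd/logd.rc, so the two files have to stay in step and a reader of this table alone cannot tell that. A one-line comment above the entry would keep a later edit from restoring file capabilities here, for example `// logd's capabilities are granted by init (logd/logd.rc), not as file capabilities.` The `android_files[]` initializer starts and ends outside this hunk.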
diff --git a/logd/logd.rc b/logd/logd.rc
index bd303b72b..c740ecfce 100644
--- a/logd/logd.rc
+++ b/logd/logd.rc
@@ -6,6 +6,7 @@ service logd /system/bin/logd
 file /dev/kmsg w
 user logd
 group logd system package_info readproc
+ capabilities SYSLOG AUDIT_CONTROL SETGID
 writepid /dev/cpuset/system-background/tasks
 
 service logd-reinit /system/bin/logd --reinit
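Review bot: `capabilities SYSLOG AUDIT_CONTROL SETGID` keeps CAP_SETGID even though the line just above it already has init apply `group logd system package_info readproc`. The /proc status output in the commit message shows SETGID in CapBnd (0x440000040) but not in CapPrm or CapEff (0x440000000), which suggests logd uses it once at startup and then drops it; logd's own code is not part of this patch, so that is an inference. If logd no longer needs to change its groups itself, the line could be narrowed to `capabilities SYSLOG AUDIT_CONTROL`; otherwise a `#` comment naming the startup step that needs SETGID would record why it stays. The `service logd` block begins above this hunk and the following `service logd-reinit` block is cut off after its first line.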