diff options
| -rw-r--r-- | Android.mk | 3 | ||||
| -rw-r--r-- | partition.cpp | 31 | ||||
| -rw-r--r-- | partitionmanager.cpp | 2 |
3 files changed, 33 insertions, 3 deletions
diff --git a/Android.mk b/Android.mk index c6c7f3c40..013e4e1b5 100644 --- a/Android.mk +++ b/Android.mk @@ -272,6 +272,9 @@ ifeq ($(TARGET_RECOVERY_QCOM_RTC_FIX),) else ifeq ($(TARGET_RECOVERY_QCOM_RTC_FIX),true) LOCAL_CFLAGS += -DQCOM_RTC_FIX endif +ifneq ($(wildcard bionic/libc/include/sys/capability.h),) + LOCAL_CFLAGS += -DHAVE_CAPABILITIES +endif include $(BUILD_EXECUTABLE) diff --git a/partition.cpp b/partition.cpp index 57a692349..172633c07 100644 --- a/partition.cpp +++ b/partition.cpp @@ -63,6 +63,11 @@ extern "C" { #include "selinux/selinux.h" #include <selinux/label.h> #endif +#ifdef HAVE_CAPABILITIES +#include <sys/capability.h> +#include <sys/xattr.h> +#include <linux/xattr.h> +#endif using namespace std; @@ -1699,6 +1704,7 @@ bool TWPartition::Restore_Tar(string restore_folder, string Restore_File_System) string Full_FileName, Command; int index = 0; char split_index[5]; + bool ret = false; if (Has_Android_Secure) { if (!Wipe_AndSec()) @@ -1726,8 +1732,29 @@ bool TWPartition::Restore_Tar(string restore_folder, string Restore_File_System) tar.setpassword(Password); #endif if (tar.extractTarFork() != 0) - return false; - return true; + ret = false; + else + ret = true; +#ifdef HAVE_CAPABILITIES + // Restore capabilities to the run-as binary + if (Mount_Point == "/system" && Mount(true) && TWFunc::Path_Exists("/system/bin/run-as")) { + struct vfs_cap_data cap_data; + uint64_t capabilities = (1 << CAP_SETUID) | (1 << CAP_SETGID); + + memset(&cap_data, 0, sizeof(cap_data)); + cap_data.magic_etc = VFS_CAP_REVISION | VFS_CAP_FLAGS_EFFECTIVE; + cap_data.data[0].permitted = (uint32_t) (capabilities & 0xffffffff); + cap_data.data[0].inheritable = 0; + cap_data.data[1].permitted = (uint32_t) (capabilities >> 32); + cap_data.data[1].inheritable = 0; + if (setxattr("/system/bin/run-as", XATTR_NAME_CAPS, &cap_data, sizeof(cap_data), 0) < 0) { + LOGINFO("Failed to reset capabilities of /system/bin/run-as binary.\n"); + } else { + LOGINFO("Reset capabilities of /system/bin/run-as binary successful.\n"); + } + } +#endif + return ret; } bool TWPartition::Restore_DD(string restore_folder) { diff --git a/partitionmanager.cpp b/partitionmanager.cpp index e6193f919..db054d28d 100644 --- a/partitionmanager.cpp +++ b/partitionmanager.cpp @@ -1829,7 +1829,7 @@ void TWPartitionManager::Get_Partition_List(string ListType, std::vector<Partiti while (end_pos != string::npos && start_pos < Restore_List.size()) { restore_path = Restore_List.substr(start_pos, end_pos - start_pos); if ((restore_part = Find_Partition_By_Path(restore_path)) != NULL) { - if (restore_part->Backup_Name == "recovery" && !restore_part->Can_Be_Backed_Up || restore_part->Is_SubPartition) { + if ((restore_part->Backup_Name == "recovery" && !restore_part->Can_Be_Backed_Up) || restore_part->Is_SubPartition) { // Don't allow restore of recovery (causes problems on some devices) // Don't add subpartitions to the list of items } else { |