Empty merge of sc-v2-dev-plus-aosp-without-vendor@8084891

Bug: 214455710
Merged-In: Ibfb83db738a67d266856966042486edc57473649
Change-Id: I2abfe6669effaebfb936b05371b973c7e78e7dde
diff --git a/Android.bp b/Android.bp
index 70b525b..7a8ba03 100644
--- a/Android.bp
+++ b/Android.bp
@@ -53,10 +53,6 @@
 cc_binary {
     name: "clatd",
     defaults: ["clatd_defaults"],
-    // TODO: remove once drop_root_and_caps() is removed.
-    header_libs: [
-        "libcutils_headers",  // for AID_CLAT
-    ],
     srcs: [
         ":clatd_common",
         "main.c"
@@ -86,10 +82,6 @@
     tidy_flags: [
         "-warnings-as-errors=clang-analyzer-security*,cert-*,android-*",
     ],
-    // Actually not required for clatd itself. See comments in the rc file.
-    init_rc: [
-        "vendor-464xlat.rc",
-    ],
     sanitize: {
         memtag_heap: true,
     },
diff --git a/OWNERS b/OWNERS
index eb9ff18..62c5737 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1 +1,2 @@
-include platform/system/netd:/OWNERS
+set noparent
+file:platform/packages/modules/Connectivity:master:/OWNERS_core_networking
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 873ff2f..d36908a 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -1,7 +1,6 @@
 {
   "presubmit": [
     { "name": "clatd_test" },
-    { "name": "libnetdbpf_test" },
     { "name": "netd_integration_test" },
     { "name": "netd_unit_test" },
     { "name": "netdutils_test" },
diff --git a/clatd.c b/clatd.c
index f760fef..f72f431 100644
--- a/clatd.c
+++ b/clatd.c
@@ -39,8 +39,6 @@
 #include <sys/capability.h>
 #include <sys/uio.h>
 
-#include <private/android_filesystem_config.h>  // For AID_CLAT.
-
 #include "clatd.h"
 #include "config.h"
 #include "dump.h"
@@ -55,48 +53,6 @@
 
 volatile sig_atomic_t running = 1;
 
-/* function: set_capability
- * set the permitted, effective and inheritable capabilities of the current
- * thread
- */
-void set_capability(uint64_t target_cap) {
-  struct __user_cap_header_struct header = {
-    .version = _LINUX_CAPABILITY_VERSION_3,
-    .pid     = 0  // 0 = change myself
-  };
-  struct __user_cap_data_struct cap[_LINUX_CAPABILITY_U32S_3] = {};
-
-  cap[0].permitted = cap[0].effective = cap[0].inheritable = target_cap;
-  cap[1].permitted = cap[1].effective = cap[1].inheritable = target_cap >> 32;
-
-  if (capset(&header, cap) < 0) {
-    logmsg(ANDROID_LOG_FATAL, "capset failed: %s", strerror(errno));
-    exit(1);
-  }
-}
-
-/* function: drop_root_and_caps
- * drops root privs and all capabilities
- */
-void drop_root_and_caps() {
-  // see man setgroups: this drops all supplementary groups
-  if (setgroups(0, NULL) < 0) {
-    logmsg(ANDROID_LOG_FATAL, "setgroups failed: %s", strerror(errno));
-    exit(1);
-  }
-
-  if (setresgid(AID_CLAT, AID_CLAT, AID_CLAT) < 0) {
-    logmsg(ANDROID_LOG_FATAL, "setresgid failed: %s", strerror(errno));
-    exit(1);
-  }
-  if (setresuid(AID_CLAT, AID_CLAT, AID_CLAT) < 0) {
-    logmsg(ANDROID_LOG_FATAL, "setresuid failed: %s", strerror(errno));
-    exit(1);
-  }
-
-  set_capability(0);
-}
-
 int ipv6_address_changed(const char *interface) {
   union anyip *interface_ip;
 
diff --git a/clatd.h b/clatd.h
index be3c9c1..87cdbcf 100644
--- a/clatd.h
+++ b/clatd.h
@@ -38,8 +38,6 @@
 
 extern volatile sig_atomic_t running;
 
-void set_capability(uint64_t target_cap);
-void drop_root_and_caps();
 int ipv6_address_changed(const char *interface);
 void event_loop(struct tun_data *tunnel);
 
diff --git a/main.c b/main.c
index 3d1ff95..d9371da 100644
--- a/main.c
+++ b/main.c
@@ -152,9 +152,6 @@
          uplink_interface, plat_prefix ? plat_prefix : "(none)", v4_addr ? v4_addr : "(none)",
          v6_addr ? v6_addr : "(none)");
 
-  // run under a regular user with no capabilities
-  drop_root_and_caps();
-
   // Loop until someone sends us a signal or brings down the tun interface.
   if (signal(SIGTERM, stop_loop) == SIG_ERR) {
     logmsg(ANDROID_LOG_FATAL, "sigterm handler failed: %s", strerror(errno));
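Review bot: With the `drop_root_and_caps()` call removed, main() goes from the startup log line straight to `signal(SIGTERM, stop_loop)` and keeps whatever uid, gid, supplementary groups and capabilities the process was started with; nothing in this diff shows where that drop happens now. The removed Android.bp TODO ("remove once drop_root_and_caps() is removed") suggests the removal was planned, so the launcher presumably starts clatd already unprivileged, but that is an inference from this page and should be confirmed. I would record the contract at this spot, e.g. `// No privilege drop here: clatd must be started as a non-root uid/gid with empty capability sets by its launcher.`, and consider failing fast at startup when `getuid() == 0`. main()'s body starts and ends outside the hunk, and the helper definitions themselves are deleted in the clatd.c hunk.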
diff --git a/vendor-464xlat.rc b/vendor-464xlat.rc
deleted file mode 100644
index 609531d..0000000
--- a/vendor-464xlat.rc
+++ /dev/null
@@ -1,15 +0,0 @@
-# Certain vendors disable 464xlat by setting a vendor property.
-# The connectivity code in the Tethering APEX needs to disable
-# 464xlat when the property is set, but it is only allowed to
-# access non-vendor system properties. So copy the property to
-# a property available to system APIs in android.sysprop.
-#
-# Arguably this script should live close to the code that uses
-# it, but scrips in APEXes are not allowed to use "on property".
-# So put it here close to clatd, which is at least related to
-# 464xlat.
-on property:persist.vendor.net.doxlat=true
-    setprop net.464xlat.cellular.enabled true
-
-on property:persist.vendor.net.doxlat=false
-    setprop net.464xlat.cellular.enabled false