simplify clatd permission dropping logic There's no danger here, because we drop privileges before we start processing packets. This should also make clatd fully functional on 4.9-q kernels that still have the Paranoid Android patchset (by creating all sockets prior to dropping netd's uid and capabilities). Test: TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I14cab836907be8bbedc0812cec277808e9f3f91f

commit: b64249ec5367e5ab174b1688c1125af14d8a8cd6 [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Fri Oct 22 18:31:50 2021 -0700
committer: Maciej Żenczykowski <maze@google.com> Thu Nov 18 19:08:50 2021 +0000
tree: a392b743864c90e41797d3b2c3ba119f07c9f360
parent: 7c87aaa50a8c0068d91b8980ec3cab57916d5258 [diff] [blame]
diff --git a/clatd.h b/clatd.h
index 34fa885..75ffea3 100644
--- a/clatd.h
+++ b/clatd.h

@@ -40,7 +40,7 @@
 
 void configure_tun_ip(const struct tun_data *tunnel, const char *v4_addr, int mtu);
 void set_capability(uint64_t target_cap);
-void drop_root_but_keep_caps();
+void drop_root_and_caps();
 void open_sockets(struct tun_data *tunnel, uint32_t mark);
 int ipv6_address_changed(const char *interface);
 int configure_clat_ipv6_address(const struct tun_data *tunnel, const char *interface,
commit	b64249ec5367e5ab174b1688c1125af14d8a8cd6	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Fri Oct 22 18:31:50 2021 -0700
committer	Maciej Żenczykowski <maze@google.com>	Thu Nov 18 19:08:50 2021 +0000
tree	a392b743864c90e41797d3b2c3ba119f07c9f360
parent	7c87aaa50a8c0068d91b8980ec3cab57916d5258 [diff] [blame]