Drop inheritable caps and caps bounding set before executing payload
This change basically does the following things:
* Add rust_bindgen for the libcap.
* Add libcap_rust wrapping the bindgen and providing
drop_inhertiable_caps and drop_bounding_set APIs;
* Call the libcap_rust APIs before execve'ing into the payload binary.
This is done using the CommandExt::pre_exec function.
Additionally this change adds basic tests for libcap_rust library and
the e2e test to verify that binary running payload have zero
capabilities.
Bug: 243633980
Test: atest libcap_rust.test
Test: atest MicrodroidTestApp
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid
Test: enter microdroid shell & check microdroid_launcher has empty caps
Change-Id: Ibfb45ec912df0ad0a1db62b24c22fbe5a61ff5f3
diff --git a/microdroid_manager/microdroid_manager.rc b/microdroid_manager/microdroid_manager.rc
index c41ee38..97d14b5 100644
--- a/microdroid_manager/microdroid_manager.rc
+++ b/microdroid_manager/microdroid_manager.rc
@@ -7,6 +7,8 @@
setenv RUST_LOG info
# TODO(jooyung) remove this when microdroid_manager becomes a daemon
oneshot
- # SYS_BOOT is required to exec kexecload from microdroid_manager
- capabilities AUDIT_CONTROL SYS_ADMIN SYS_BOOT
+ # CAP_SYS_BOOT is required to exec kexecload from microdroid_manager
+ # CAP_SETCAP is required to allow microdroid_manager to drop capabilities
+ # before executing the payload
+ capabilities AUDIT_CONTROL SYS_ADMIN SYS_BOOT SETPCAP
socket vm_payload_service stream 0666 system system