Always call 'drop_caps'.

This follows the model used by 'drop_ugid' and 'set_seccomp_filter',
and allows for the section of code where these functions are used to
be significantly more legible.

Bug: 27366428
Change-Id: I72618340df65da20deca572ea8ff43a795423433
diff --git a/libminijail.c b/libminijail.c
index f916633..a38eb64 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -1252,6 +1252,10 @@
 	cap_value_t flag[1];
 	const uint64_t one = 1;
 	unsigned int i;
+
+	if (!j->flags.use_caps)
+		return;
+
 	if (!caps)
 		die("can't get process caps");
 	if (cap_clear_flag(caps, CAP_INHERITABLE))
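Review bot: The new `use_caps` guard is placed after the local declarations, and `caps` is tested on the very next line, so `caps` appears to be initialised in a declaration above this hunk (the start of `drop_caps` is not visible here). If that initialiser is `cap_get_proc()`, the early return leaks the `cap_t`, and `capget()` is issued even when capabilities are not in use. That matters in the `else` branch of the third hunk, where `drop_caps` now always runs after `set_seccomp_filter(j)`: a filter policy that does not allow `capget()` could then kill a jail that never asked for caps, which the old `if (j->flags.use_caps)` call-site check prevented. Acquiring the caps only after the guard avoids both problems: declare `cap_t caps;` and assign `caps = cap_get_proc();` below `if (!j->flags.use_caps) return;`.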
@@ -1418,16 +1422,14 @@
 			pdie("prctl(PR_SET_SECUREBITS)");
 	}
 
-	/*
-	 * If we're setting no_new_privs, we can drop privileges
-	 * before setting seccomp filter. This way filter policies
-	 * don't need to allow privilege-dropping syscalls.
-	 */
 	if (j->flags.no_new_privs) {
+		/*
+		 * If we're setting no_new_privs, we can drop privileges
+		 * before setting seccomp filter. This way filter policies
+		 * don't need to allow privilege-dropping syscalls.
+		 */
 		drop_ugid(j);
-		if (j->flags.use_caps)
-			drop_caps(j, last_valid_cap);
-
+		drop_caps(j, last_valid_cap);
 		set_seccomp_filter(j);
 	} else {
 		/*
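Review bot: `drop_caps(j, last_valid_cap);` now reads as unconditional in both branches, so the fact that capabilities are only dropped when `use_caps` is set is no longer visible where the privilege-dropping order is decided. A short comment on the callee would keep that contract explicit, for example `/* No-op unless j->flags.use_caps is set. */` above `drop_caps`. The enclosing function begins and ends outside this hunk, so whether `drop_ugid` and `set_seccomp_filter` carry a similar note cannot be checked from here.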
@@ -1438,10 +1440,8 @@
 		 * capget()/capset()/prctl() for dropping caps.
 		 */
 		set_seccomp_filter(j);
-
 		drop_ugid(j);
-		if (j->flags.use_caps)
-			drop_caps(j, last_valid_cap);
+		drop_caps(j, last_valid_cap);
 	}
 
 	/*