Add libminijail static library target.
This will be used for statically-linked binaries on Android.
Also, fix the call to get_last_valid_cap() to only happen when we're
dropping capabilities.
Bug: 26099386
Change-Id: I741390b6b356592ec9bdfe54b04d23feab5702aa
diff --git a/Android.mk b/Android.mk
index f6f6476..c19fa1d 100644
--- a/Android.mk
+++ b/Android.mk
@@ -15,8 +15,15 @@
LOCAL_PATH := $(call my-dir)
-# Common variables
+# Common variables.
# ========================================================
+libminijailSrcFiles := \
+ bpf.c \
+ libminijail.c \
+ signal_handler.c \
+ syscall_filter.c \
+ util.c
+
minijailCommonCFlags := -Wall -Werror
minijailCommonSharedLibraries := libcap
@@ -51,12 +58,7 @@
LOCAL_CFLAGS := $(minijailCommonCFlags)
LOCAL_CLANG := true
-LOCAL_SRC_FILES := \
- bpf.c \
- libminijail.c \
- signal_handler.c \
- syscall_filter.c \
- util.c \
+LOCAL_SRC_FILES := $(libminijailSrcFiles)
LOCAL_STATIC_LIBRARIES := libminijail_generated
LOCAL_SHARED_LIBRARIES := $(minijailCommonSharedLibraries)
@@ -64,6 +66,21 @@
include $(BUILD_SHARED_LIBRARY)
+# libminijail static library for target.
+# ========================================================
+include $(CLEAR_VARS)
+LOCAL_MODULE := libminijail
+
+LOCAL_CFLAGS := $(minijailCommonCFlags)
+LOCAL_CLANG := true
+LOCAL_SRC_FILES := $(libminijailSrcFiles)
+
+LOCAL_STATIC_LIBRARIES := libminijail_generated
+LOCAL_SHARED_LIBRARIES := $(minijailCommonSharedLibraries)
+LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)
+include $(BUILD_STATIC_LIBRARY)
+
+
# libminijail native unit tests. Run with:
# adb shell /data/nativetest/libminijail_unittest/libminijail_unittest
# ========================================================
diff --git a/libminijail.c b/libminijail.c
index 6de6b6a..8b8100e 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -1145,10 +1145,12 @@
void API minijail_enter(const struct minijail *j)
{
/*
- * Get the last valid cap from /proc, since /proc can be unmounted
- * before drop_caps().
+ * If we're dropping caps, get the last valid cap from /proc now,
+ * since /proc can be unmounted before drop_caps() is called.
*/
- unsigned int last_valid_cap = get_last_valid_cap();
+ unsigned int last_valid_cap = 0;
+ if (j->flags.caps)
+ last_valid_cap = get_last_valid_cap();
if (j->flags.pids)
die("tried to enter a pid-namespaced jail;"
