derive_sdk: run as nobody

Unfortunately, root is the default user/group for
init-launched services. This can lead to processes
unnecessarily requesting permissions like privileged
capabilities. This service doesn't require any privileges
so run it as AID_NOBODY.

Addresses:
avc: denied { sys_resource } for comm=\"derive_sdk\" capability=24
scontext=u:r:derive_sdk:s0 tcontext=u:r:derive_sdk:s0
tclass=capability permissive=0

Bug: 154711554
Test: m com.android.sdkext
Test: boot && adb shell getprop | grep sdk_info
Change-Id: Ibd4ad616901a9d5c402ba89d636d0238b0043afa

0 files changed, 0 insertions, 0 deletions