Project-1CE/frameworks_base - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Jeff Vander Stoep <jeffv@google.com>	2020-04-23 10:12:56 +0200
committer	Anton Hansson <hansson@google.com>	2020-04-23 11:37:55 +0100
commit	154cac3994640001d95d1cdcd30df20515495fc3 (patch)
tree	ab7b9630993b7db3a81074da63bd424ed65bdf90 /tools/aapt2/java/JavaClassGenerator_test.cpp
parent	85df93ed71300304dd810f1439aa9162f8eb6a8e (diff)

derive_sdk: run as nobody

Unfortunately, root is the default user/group for init-launched services. This can lead to processes unnecessarily requesting permissions like privileged capabilities. This service doesn't require any privileges so run it as AID_NOBODY. Addresses: avc: denied { sys_resource } for comm=\"derive_sdk\" capability=24 scontext=u:r:derive_sdk:s0 tcontext=u:r:derive_sdk:s0 tclass=capability permissive=0 Bug: 154711554 Test: m com.android.sdkext Test: boot && adb shell getprop | grep sdk_info Change-Id: Ibd4ad616901a9d5c402ba89d636d0238b0043afa Merged-In: Ibd4ad616901a9d5c402ba89d636d0238b0043afa

Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator_test.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: