diff options
| author | Luis Hector Chavez <lhchavez@google.com> | 2017-11-16 15:52:00 -0800 |
|---|---|---|
| committer | Luis Hector Chavez <lhchavez@google.com> | 2017-11-17 09:11:37 -0800 |
| commit | 94fb5b0bef4ff7bd5c610ed5ebfad9c0ba41c62f (patch) | |
| tree | 9875617ef3617782dc88450c5850759e91afc2d5 /libcutils/socket_local_client_unix.cpp | |
| parent | 37eb97d911087992fb7dc986331e10a3c5a18d30 (diff) | |
init: Drop inheritable capabilities when switching uids
This change explicitly drops all inheritable capabilities (and, by
extension, ambient capabilities) when there are no explicit capabilities
being set by a service and the user is changed. This prevents Android
running in a container from accidentally granting extra capabilities to
services.
Bug: 69320306
Test: aosp_sailfish still boots
Test: sailfish:/ $ grep Cap /proc/`pidof android.hardware.audio@2.0-service`/status
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
Test: sailfish:/ $ grep Cap /proc/`pidof logd`/status
CapInh: 0000000000000000
CapPrm: 0000000440000000
CapEff: 0000000440000000
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
Test: Android in Chrome OS still boots
Test: localhost ~ # grep Cap /proc/`pidof android.hardware.audio@2.0-service`/status
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000000006daefdff
CapAmb: 0000000000000000
Test: localhost ~ # grep Cap /proc/`pidof logd`/status
CapInh: 0000000000000000
CapPrm: 0000000040000000
CapEff: 0000000040000000
CapBnd: 000000006daefdff
CapAmb: 0000000000000000
Change-Id: I9218f2e27ff4fb4d91d50f9a98c0fdb4e272952c
Diffstat (limited to 'libcutils/socket_local_client_unix.cpp')
0 files changed, 0 insertions, 0 deletions