Project-1CE/system_core - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Mark Salyzyn <salyzyn@google.com>	2018-04-09 09:50:32 -0700
committer	Mark Salyzyn <salyzyn@google.com>	2018-04-16 14:51:56 -0700
commit	64d97d87611a39163aa121f17214f4a846954cee (patch)
tree	2aadfbf34c59d3107bd9030f4f635e8ab1829493 /trusty/coverage/coverage.cpp
parent	22dc27b9fa46b20aca4f5982979681a858a97284 (diff)

lmkd: limit capability set to minimum

Set F() capability set and 'drop' lmkd from AID_ROOT to AID_LMKD uid and from AID_ROOT to AID_LMKD and AID_SYSTEM gid. /dev/memcg/memory.pressure defaults to root.root mode 0000, set it up as root.system mode 0040 to allow lmkd read access. Instrument failure to set SCHED_FIFO. Annotate access points that require elevated capabilities. Test: check /proc/`pidof lmkd`/status for capability set Test: lmkd_unit_test Bug: 77650566 Change-Id: I986081a0434cf6e842b63a55726380205b30a3ea

Diffstat (limited to 'trusty/coverage/coverage.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: