Project-1CE/system_core - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Nick Kralevich <nnk@google.com>	2013-02-15 14:39:15 -0800
committer	Nick Kralevich <nnk@google.com>	2013-02-15 21:22:19 -0800
commit	080427e4e2b1b72718b660e16b6cf38b3a3c4e3f (patch)
tree	8fe5959e9af28f94a8bcad9dd6837aefeaa8c1e9 /trusty/coverage/coverage_test.cpp
parent	bcfa910611b42018db580b3459101c564f802552 (diff)

adb: drop capability bounding set on user builds

run-as: don't require CAP_DAC_OVERRIDE. Prevent an adb spawned application from acquiring capabilities other than * CAP_NET_RAW * CAP_SETUID * CAP_SETGID The only privileged programs accessible on user builds are * /system/bin/ping * /system/bin/run-as and the capabilities above are sufficient to cover those two programs. If the kernel doesn't support file capabilities, we ignore a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could become a fatal error. Change-Id: I45a56712bfda35b5ad9378dde9e04ab062fe691a

Diffstat (limited to 'trusty/coverage/coverage_test.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: