CAP_SYS_PTRACE is needed to ptrace processes that have capabilities
greater than their bounding set. Eventually, this will still be an
improvement, because we can ptrace attach, and then turn on a seccomp
filter that blocks further attaches.
Bug: http://b/34694637
Test: debuggerd `pidof system_server`
Change-Id: I4b9da164ec1fbb5060fdba590e886ac24b6a0785
The following files will be loaded additionally.
- /odm/default.prop and /vendor/default.prop for default props.
- /odm/build.prop for build props.
The props files must follow the following priority order.
- /default.prop > /odm/default.prop > /vendor/default.prop
- /system/build.prop > /odm/build.prop > /vendor/buid.prop
Test: tested default/build prop files with enabling early mount, but
didn't test files of odm partition because odm partition doesn't
exist now.
Bug: 34116668
Change-Id: I946d076dae38f2288865dd986fb16d801d4abcc0
Remove debuggerd in favor of a helper process that gets execed by
crashing processes.
Bug: http://b/30705528
Test: debuggerd_test
Change-Id: I9906c69473989cbf7fe5ea6cccf9a9c563d75906
Enforce that the only API for reading properties is through the property
server, not by reading the (system|vendor|rootfs) *.prop files.
Test: Device boots and no property errors.
Change-Id: Ibb6ed4e74a80cac00010c707d7574f8e92fc6448
Add CAP_SYSLOG, CAP_AUDIT_CONTROL and CAP_SETGID, set
uid and gid to AID_LOGD, and permissions user and group
read and execute only.
Fix up indents for in table for clarity.
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Manually inspect owner and group for /system/bin/logd
Bug: 32450474
Change-Id: I5183ab200dbcd13efb0727cb91db5b12018ae804
The webview_zygote is a non-root zygote process that creates isolated_app
children for rendering web content. It needs:
- CAP_SETUID and CAP_SETGID to change the UID of the new child process.
- CAP_SETPCAP to clear the capability bounding set after forking.
Test: m
Test: angler boots
Bug: 21643067
Change-Id: I986fa04be54e812f5dd2afa14e5d2d3e474e2b10
Add netlink permissions for the new wifi HAL daemon name.
Bug: 31821133
Test: Compiled and ensured that the permission denials are no longer
present in logs.
Change-Id: If939df4760d9f7e85f0f134617d3a79030e09347
Replace references to cutils/log.h and log/log.h with android/log.h.
Point cutils/log.h to android/log.h. Adjust header order to comply
with Android Coding standards.
Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: I4b00c0dff3a0a50cbb54301fdc5a6c29c21dab65
Bug: 30041118
Change-Id: I14d1fd601fc4bce12c563a2004e91bd8ba0f42c3
Test: hostapd can start as the wifi user with these capabilities.
(cherry picked from commit 2502490178)
(cherry picked from commit a76088362e)
Bug: 30041118
Change-Id: I14d1fd601fc4bce12c563a2004e91bd8ba0f42c3
Test: hostapd can start as the wifi user with these capabilities.
(cherry picked from commit 2502490178)
Default permission bits are 771. It causes permission denied errors when
MediaProvider tries to scan /data/preloads. We have to allow read for others.
Bug: 29940807
Change-Id: I45645cf1154501ccb64bef08b9ad7bf7709dfd8e
Codesearch finds no reference to this in the Android tree. It was
added in 2010 in commit bbf1c64527.
Change-Id: I8cd1153912b78b4b23b8f5ba2577a58c5c49e316
Anyone wanting to call /system/xbin/librank can execute "su"
beforehand. There's no need for it to be setuid root.
Bug: 25739721
Change-Id: Ie3d68701397d21e901bf1ec17b4b4a9f12128d2d
This is not an executable so we have to specifically set its permissions
accordingly.
Bug: 25668833
Change-Id: I502f69bad75b4da4fdc29eb3ebaa42a19ae04d27
This makes native test directories 750 root:shell. This matches the
value for files within those directories, and results in a more usable
access paradigm when (say) unprivileged test tools need to discover
these test binaries.
Bug: 25668833
Change-Id: I9bd2081b2c211b4383b5873238aaf64597756714
Make test files under /data/nativetest{,64} 0750 root:shell
to avoid needing to manually chmod them.
Bug: 25340994
Change-Id: I174cc226195907c0effa99063a8aa0082f85722b
procrank only exists on userdebug/eng builds. For those builds,
procrank can be executed by running "su 0 procrank" instead of
relying on the binary being setuid root. This reduces the number
of setuid binaries on Android and allows for the deletion of
SELinux policy to support this.
Bug: 18342188
Change-Id: I982283f2e0f6fbe5efaffc08501c1ec175f65373
/system/etc/recovery.img defaults to 0644. Change it to 0440.
Bug: 22641135
Change-Id: I45cdb0cc1b58f35fbcd0f16e7cc6c4eef63b0b74
(cherry picked from commit b602e6f9a3)
Using a getenv('OUT') in such a deep down function is a wrong design
choice. Replacing with explicit parameter that may be NULL in case
device specific files can be accessed from /.
Since TARGET_COPY_OUT_SYSTEM may be defined to something different than
system we also ensure that we use a path relative to TARGET_OUT to
compute path to fs_config_* files.
Bug: 21989305
Bug: 22048934
Change-Id: Id91bc183b29beac7379d1117ad83bd3346e6897b
Signed-off-by: Thierry Strudel <tstrudel@google.com>
When the ramdisk is built into the system image, we need to create
those folders during the build.
Change-Id: I40881940c75e379d7599dc1f743b35fbc7cc66e8
Intention is to read from ${OUT}/system/etc/fs_config_dirs and
${OUT}/system/etc/fs_config_files on host. And
/system/etc/fs_config_dirs and /system/etc/config_files
on target systems.
Bug: 19908228
Change-Id: Ieaedd99e88c7f7f717878d9344c387ddf335ccbb
Intention is to read from ${OUT}/system/etc/fs_config_dirs and
${OUT}/system/etc/fs_config_files on host. And
/system/etc/fs_config_dirs and /system/etc/config_files
on target systems.
Bug: 19908228
Change-Id: I0966a94f79a3fae4f7325056c701ea355370f9df
