platform_system_core/lmkd/lmkd.rc at 146fd24c4bc8798fa3ed211f2f7bb3082566bf82 - tequilaOS/platform_system_core - gitownia.eu

tequilaOS/platform_system_core

Mark Salyzyn 64d97d8761 lmkd: limit capability set to minimum

Set F() capability set and 'drop' lmkd from AID_ROOT to AID_LMKD uid
and from AID_ROOT to AID_LMKD and AID_SYSTEM gid.

/dev/memcg/memory.pressure defaults to root.root mode 0000, set it up
as root.system mode 0040 to allow lmkd read access.

Instrument failure to set SCHED_FIFO.

Annotate access points that require elevated capabilities.

Test: check /proc/`pidof lmkd`/status for capability set
Test: lmkd_unit_test
Bug: 77650566
Change-Id: I986081a0434cf6e842b63a55726380205b30a3ea

2018-04-16 14:51:56 -07:00

8 lines

263 B

Text

Raw Blame History

 service lmkd /system/bin/lmkd
     class core
     user lmkd
     group lmkd system readproc
     capabilities DAC_OVERRIDE KILL IPC_LOCK SYS_NICE SYS_RESOURCE
     critical
     socket lmkd seqpacket 0660 system system
     writepid /dev/cpuset/system-background/tasks