Refine DAC security surrounding logd.daemon worker thread and add a
positive test for logd failure to access /data/system/packages.list.
- Add AID_PACKAGE_INFO to groups of worker thread.
- Move AID_SYSTEM to groups, setgid to AID_LOGD.
- Do not drop capabilities until after setting the uid and gids.
- Add a test that is part of logd.statistics test to check when
packagelistparser appears broken.
- If /data/system/packages.list is encrypted, ensure we do not pick
up the existing inode to ensure strong positive when finding access
problems.
- Replace all occurrences of NULL with nullptr in gTest code for
compliance with best practices.
Test: gTest logd-unit-tests --gtest_filter=logd.statistics
(expect consistent failure, later CLs fix)
Bug: 37751120
Bug: 36645158
Change-Id: I01b26fe5e25203246ae432d272c8daa9c07cab54
23 lines
622 B
Text
service logd /system/bin/logd
    socket logd stream 0666 logd logd
    socket logdr seqpacket 0666 logd logd
    socket logdw dgram 0222 logd logd
    file /proc/kmsg r
    file /dev/kmsg w
    user logd
    group logd system package_info readproc
    writepid /dev/cpuset/system-background/tasks

service logd-reinit /system/bin/logd --reinit
    oneshot
    disabled
    user logd
    group logd
    writepid /dev/cpuset/system-background/tasks

on fs
    write /dev/event-log-tags "# content owned by logd
"
    chown logd logd /dev/event-log-tags
    chmod 0644 /dev/event-log-tags
    restorecon /dev/event-log-tags
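Review bot: The `group logd system package_info readproc` line in the `service logd` stanza has no comment saying what each supplementary group is for, and it grants `system` and `package_info` to the whole service as init starts it, while the commit message describes them as groups of the worker thread. A short comment above that line naming the access each group exists for (the message ties `package_info` to reading /data/system/packages.list) would make later tightening easier to review. The `logd-reinit` stanza keeps `group logd` only, which is the narrower form; it is worth stating in the message that this asymmetry is intentional.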