platform_system_core/rootdir
Nick Kralevich c39ba5ae32 Enable hidepid=2 on /proc
Add the following mount options to the /proc filesystem:

  hidepid=2,gid=3009

This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).

Please see
  https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.

hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.

Add AID_READPROC to processes which need to access /proc entries for
other UIDs.

Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
2015-11-09 09:08:46 -08:00
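
A way to check that a system's /proc mount carries the options this commit adds, as an added example (not part of the commit or the repository). The function names and the sample mounts table are constructed for illustration; the script assumes the field layout of /proc/mounts and also accepts `hidepid=invisible`, the name newer kernels report for level 2.

```shell
#!/bin/sh
# Added example: audit a mounts table (same format as /proc/mounts) for the
# hidepid=2,gid=3009 options named in the commit message.
# All function names here are hypothetical.

# proc_mount_opts FILE: print the option string of the proc mount at /proc.
# Fields per line: device mountpoint fstype options dump pass
proc_mount_opts() {
    found=""
    while read -r _dev mnt fstype m_opts _rest; do
        if [ "$mnt" = "/proc" ] && [ "$fstype" = "proc" ]; then
            found=$m_opts   # the last matching mount is the visible one
        fi
    done < "$1"
    printf '%s' "$found"
}

# has_opt OPTS KEY VALUE: exact match, so gid=3009 does not match gid=30090.
has_opt() {
    case ",$1," in
        *",$2=$3,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_proc_hidepid [FILE] [GID]: 0 = hardened, 1 = option missing, 2 = no mount.
check_proc_hidepid() {
    mounts=${1:-/proc/mounts}
    want_gid=${2:-3009}   # 3009 is AID_READPROC per the commit message
    opts=$(proc_mount_opts "$mounts")
    if [ -z "$opts" ]; then echo "FAIL: no proc mount at /proc"; return 2; fi
    if ! has_opt "$opts" hidepid 2 && ! has_opt "$opts" hidepid invisible; then
        echo "FAIL: hidepid=2 not set ($opts)"; return 1
    fi
    if ! has_opt "$opts" gid "$want_gid"; then
        echo "FAIL: gid=$want_gid not set ($opts)"; return 1
    fi
    echo "OK: $opts"
}

# Constructed sample in /proc/mounts format (not captured from a device).
sample=$(mktemp)
printf '%s\n' \
    'rootfs / rootfs ro,seclabel 0 0' \
    'proc /proc proc rw,relatime,gid=3009,hidepid=2 0 0' > "$sample"
check_proc_hidepid "$sample"
rm -f "$sample"
```

On a live system, call `check_proc_hidepid` with no arguments to read /proc/mounts directly.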
etc Remove long-obsolete file. 2015-04-23 20:57:12 -07:00
Android.mk rootdir: Allow board specific folders and symlinks in root directory 2015-11-02 12:47:46 -08:00
asan.options Disable container overflow detect on target. 2015-10-23 14:57:47 -07:00
init.environ.rc.in am eaa97876: am 2e8d31f6: Merge "SANITIZE_TARGET: set global ASAN_OPTIONS" 2015-06-24 18:12:24 +00:00
init.rc Enable hidepid=2 on /proc 2015-11-09 09:08:46 -08:00
init.usb.configfs.rc init: usb: Add configfs commands for USB gadget 2015-09-08 20:13:37 -07:00
init.usb.rc am 100de590: am 5e294902: Merge "init.usb.rc: fix USB typec property names" into mnc-dr-dev 2015-09-04 20:06:28 +00:00
init.zygote32.rc Add zygote to the foreground cpuset. 2015-09-02 11:39:05 -07:00
init.zygote32_64.rc Add zygote to the foreground cpuset. 2015-09-02 11:39:05 -07:00
init.zygote64.rc Add zygote to the foreground cpuset. 2015-09-02 11:39:05 -07:00
init.zygote64_32.rc Add zygote to the foreground cpuset. 2015-09-02 11:39:05 -07:00
ueventd.rc rootdir: add permission for /dev/dvb* 2015-05-07 16:49:00 +09:00