platform_system_core/lmkd
Nick Kralevich c39ba5ae32 Enable hidepid=2 on /proc
Add the following mount options to the /proc filesystem:

  hidepid=2,gid=3009

This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).

Please see
  https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.

hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.

Add AID_READPROC to processes which need to access /proc entries for
other UIDs.

Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
2015-11-09 09:08:46 -08:00
..
Android.mk bundle init.rc contents with its service 2015-08-21 10:14:43 -07:00
lmkd.c Lmkd: Fix unused variables 2014-11-24 20:32:42 -08:00
lmkd.rc Enable hidepid=2 on /proc 2015-11-09 09:08:46 -08:00