Merge "Grant SYS_NICE for odsign" into main am: 94646d7d19 am: 6163cfb24c

Original change: https://android-review.googlesource.com/c/platform/system/security/+/2978554 Change-Id: I0b9175194058daf9bf91663ae5b32e212f5c0815 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-27 17:30:16 +00:00 · 2024-02-27 17:30:16 +00:00 · 92e62bcfbf
commit 92e62bcfbf
parent 080aae8869 6163cfb24c
1 changed files with 4 additions and 7 deletions
--- a/ondevice-signing/odsign.rc
+++ b/ondevice-signing/odsign.rc
@ -3,13 +3,10 @@ service odsign /system/bin/odsign
    user root
    group system
    disabled # does not start with the core class
-    # Explicitly specify empty capabilities, otherwise odsign will inherit all
-    # the capabilities from init.
-    # Note: whether a process can use capabilities is controlled by SELinux, so
-    # inheriting all the capabilities from init is not a security issue.
-    # However, for defense-in-depth and just for the sake of bookkeeping it's
-    # better to explicitly state that odsign doesn't need any capabilities.
-    capabilities
+    # We need SYS_NICE in order to allow the crosvm child process to use it.
+    # (b/322197421). odsign itself never uses it (and isn't allowed to by
+    # SELinux).
+    capabilities SYS_NICE

 # Note that odsign is not oneshot, but stopped manually when it exits. This
 # ensures that if odsign crashes during a module update, apexd will detect