allow adbd setpcap
adbd uses setpcap to drop capabilities from the bounding set on user builds. See system/core commit 080427e4e2b1b72718b660e16b6cf38b3a3c4e3f Change-Id: I6aec8d321b8210ea50a56aeee9bc94738514beab
This commit is contained in:
Nick Kralevich
parent
06a0d78621
commit
40ce0bb81b
1 changed files with 3 additions and 0 deletions
3
adbd.te
3
adbd.te
|
|
@ -12,6 +12,9 @@ allow adbd shell:process noatsecure;
|
|||
# Set UID and GID to shell. Set supplementary groups.
|
||||
allow adbd self:capability { setuid setgid };
|
||||
|
||||
# Drop capabilities from bounding set on user builds.
|
||||
allow adbd self:capability setpcap;
|
||||
|
||||
# Create and use network sockets.
|
||||
net_domain(adbd)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue