Merge "init: Allow SETPCAP for dropping bounding set."

am: 02c8383521 Change-Id: Ia923906119e34aa64c8a81fa53b8b53b4dc4af46
2016-11-01 20:28:16 +00:00 · 2016-11-01 20:28:16 +00:00 · 52dd15a0c1
commit 52dd15a0c1
parent a9aac6a9bf 02c8383521
1 changed files with 2 additions and 2 deletions
--- a/public/init.te
+++ b/public/init.te
@ -246,8 +246,8 @@ allow init vold_data_file:file { getattr };
 allow init shell_data_file:dir { open create read getattr setattr search };
 allow init shell_data_file:file { getattr };

-# Set UID and GID for services.
-allow init self:capability { setuid setgid };
+# Set UID, GID, and adjust capability bounding set for services.
+allow init self:capability { setuid setgid setpcap };

 # For bootchart to read the /proc/$pid/cmdline file of each process,
 # we need to have following line to allow init to have access