Explicitly specify that composd doesn't need any capabilities
If a service doesn't specify any capabilities in its definition in the
.rc file, then it will inherit all the capabilities from the init.
Although whether a process can use capabilities is actually controlled
by selinux (so inheriting all the init capabilities is not actually a
security vulnerability), it's better for defense-in-depth and just
bookkeeping to explicitly specify the capabilities that composd needs.
The list of capabilities that composd is allowed to use was obtained via:
```
$ adb pull /sys/fs/selinux/policy /tmp/selinux.policy
$ sesearch --allow -s composd -c capability,capability2 /tmp/selinux.policy
```
Bug: 249796710
Test: presubmit
Test: adb shell /apex/com.android.compos/bin/composd_cmd test-compile
Test: adb shell 'cat /proc/$(pidof composd)/status' | grep Cap
Change-Id: I7c65f6e0f472561a39f8e15d4632e9e83859a219
diff --git a/compos/apex/composd.rc b/compos/apex/composd.rc
index 3e2efb1..df04642 100644
--- a/compos/apex/composd.rc
+++ b/compos/apex/composd.rc
@@ -19,3 +19,10 @@
interface aidl android.system.composd
disabled
oneshot
+ # Explicitly specify empty capabilities, otherwise composd will inherit all
+ # the capabilities from init.
+ # Note: whether a process can use capabilities is controlled by SELinux, so
+ # inheriting all the capabilities from init is not a security issue.
+ # However, for defense-in-depth and just for the sake of bookkeeping it's
+ # better to explicitly state that composd doesn't need any capabilities.
+ capabilities
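Review bot: the comment added above the bare `capabilities` line records the rationale but not the evidence, so a future reader has no way to tell whether the empty set is still correct; consider adding a one-line pointer to the check from the commit message (`sesearch --allow -s composd -c capability,capability2 <policy>`) so the set can be re-verified before anyone adds a capability here. The six-line comment could also be folded into two, e.g. `# Drop all capabilities (SELinux already denies them to composd; this is defense-in-depth).`, keeping the `capabilities` line itself unchanged.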