Merge "Fix comment to match code" into main am: 9df1f6122f

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/2953857

Change-Id: I0f38339ebb30628bc2e66bc20cefe5312f6c3697
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/compos/apex/composd.rc b/compos/apex/composd.rc
index aa4b575..55f3737 100644
--- a/compos/apex/composd.rc
+++ b/compos/apex/composd.rc
@@ -19,10 +19,7 @@
     interface aidl android.system.composd
     disabled
     oneshot
-    # Explicitly specify empty capabilities, otherwise composd will inherit all
-    # the capabilities from init.
-    # Note: whether a process can use capabilities is controlled by SELinux, so
-    # inheriting all the capabilities from init is not a security issue.
-    # However, for defense-in-depth and just for the sake of bookkeeping it's
-    # better to explicitly state that composd doesn't need any capabilities.
+    # We need SYS_NICE in order to allow the crosvm child process to use it.
+    # (b/322197421). composd itself never uses it (and isn't allowed to by
+    # SELinux).
     capabilities SYS_NICE
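Review bot: The new comment above `capabilities SYS_NICE` says why the capability is granted but not how far it reaches. If init hands it to the service in a form that survives exec, as the comment implies, then any process composd launches would start with it, not only crosvm. I would add a line such as `# Any other child of composd inherits SYS_NICE too; SELinux policy is what limits its use.` so the dependence on policy is explicit for whoever next edits this line or the matching sepolicy. The removed text also recorded the defense-in-depth goal of keeping the list minimal, and a short `# Keep this list to the minimum required.` would preserve that intent. The service block starts above the hunk, so its user, group and seclabel settings are not visible here.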