commit | 3253d200962db3c3ec8de3522c5afeb4bebb08d4 | [log] [tgz] |
---|---|---|
author | Nikita Ioffe <ioffe@google.com> | Thu Dec 29 22:54:11 2022 +0000 |
committer | Nikita Ioffe <ioffe@google.com> | Thu Dec 29 22:54:11 2022 +0000 |
tree | 63eea124d2eb54244ecbda49e1283f36d71cc307 | |
parent | 41eb7240a9352f86867c9e6e6091eda33194a0c3 [diff] |
Explicitly specify that composd doesn't need any capabilities

If a service doesn't specify any capabilities in its definition in the .rc file, then it will inherit all the capabilities from the init. Although whether a process can use capabilities is actually controlled by selinux (so inheriting all the init capabilities is not actually a security vulnerability), it's better for defense-in-depth and just bookkeeping to explicitly specify the capabilities that composd needs.

The list of capabilities that composd is allowed to use was obtained via:

```
$ adb pull /sys/fs/selinux/policy /tmp/selinux.policy
$ sesearch --allow -s composd -c capability,capability2 /tmp/selinux.policy
```

Bug: 249796710
Test: presubmit
Test: adb shell /apex/com.android.compos/bin/composd_cmd test-compile
Test: adb shell 'cat /proc/$(pidof composd)/status' | grep Cap
Change-Id: I7c65f6e0f472561a39f8e15d4632e9e83859a219
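The third `Test:` line above checks the outcome by grepping the `Cap*` fields out of `/proc/<pid>/status`, which only shows raw hex masks. The following script, added here as an illustration and not part of the commit or the AOSP project, decodes those masks into capability names and reports any capability a service holds beyond an allow-list, which is the check a reviewer would run before and after a change like this one. The two embedded `status` dumps are constructed samples (one for a service that silently inherited init's full set, one for a service with an explicit empty `capabilities` line); the capability numbering follows the Linux `include/uapi/linux/capability.h` header, and the function names are my own.

```python
import re

# Linux capability numbers in bit order (from include/uapi/linux/capability.h).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Constructed sample: a service whose .rc entry has no `capabilities` line,
# so it kept everything init had (permitted, effective and bounding sets full).
STATUS_INHERITED_ALL = """Name:\tcomposd
Pid:\t1234
CapInh:\t0000000000000000
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
"""

# Constructed sample: the same service after an explicit empty `capabilities` line.
STATUS_EXPLICIT_NONE = """Name:\tcomposd
Pid:\t1234
CapInh:\t0000000000000000
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t0000000000000000
CapAmb:\t0000000000000000
"""


def decode_caps(mask):
    """Turn a capability bitmask into the names of the capabilities it contains."""
    return [
        CAP_NAMES[bit] if bit < len(CAP_NAMES) else "CAP_%d" % bit
        for bit in range(mask.bit_length())
        if (mask >> bit) & 1
    ]


def parse_status(text):
    """Extract the Cap* fields of a /proc/<pid>/status dump as integers."""
    caps = {}
    for line in text.splitlines():
        m = re.match(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$", line)
        if m:
            caps[m.group(1)] = int(m.group(2), 16)
    return caps


def unexpected_caps(text, allowed=()):
    """Capabilities in the permitted, effective or bounding set not in `allowed`.

    The bounding set is included because it is what the process could ever
    regain; for a service that needs nothing, every set should be empty.
    """
    caps = parse_status(text)
    found = set()
    for field in ("CapPrm", "CapEff", "CapBnd"):
        found.update(decode_caps(caps.get(field, 0)))
    return sorted(found - set(allowed))


def audit_pid(pid, allowed=()):
    """Read a live /proc/<pid>/status (Linux only) and run the same check."""
    with open("/proc/%d/status" % pid) as f:
        return unexpected_caps(f.read(), allowed)


if __name__ == "__main__":
    for label, dump in (("inherited", STATUS_INHERITED_ALL),
                        ("explicit", STATUS_EXPLICIT_NONE)):
        extra = unexpected_caps(dump)
        print("%s: %d unexpected capabilities %s" % (label, len(extra), extra[:3]))
```

On a device the same check is `audit_pid(int(pidof_output))` with the `allowed` tuple set to whatever `sesearch` reported for the domain; a non-empty result on a service that is supposed to run without capabilities is the finding this commit removes for composd.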
This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.