Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / f1e3bfff40560c311c00474e640f59fc950acf5c
commitf1e3bfff40560c311c00474e640f59fc950acf5c[log] [tgz]
authorNikita Ioffe <ioffe@google.com>Thu Dec 22 16:05:40 2022 +0000
committerNikita Ioffe <ioffe@google.com>Thu Dec 22 22:08:49 2022 +0000
treebefa88fb8745c507c88725fd8f7a87e3a37139d3
parentcc2e7c21a29ac0a68657fe357d02283eaf08527e [diff]
host_init_verifier: add check for root services and linux capabilities

If a service that runs under root doesn't have the capabilities field in
it's definition, then it will inherit all the capabilities that init
has.

This change adds a linter to detect such services and ask developers to
explicitly specify capabilities that their service needs. If service
doesn't require any capabilities then empty capabilities fields should
be added in the service definition.

The actual access control list on what capabilities a process can use is
controlled by the SELinux, so inheriting all the init capabilities is
not a security issue here. However, asking services to explicitly
specify the capabilities they need is a good defense-in-depth mechanism.

So far this linter only checks the services on /system partition.

All currently offending services are added to the exempt list. I will
work on fixing some of them in the follow-up changes.

Bug: 249796710
Test: m dist
Change-Id: I2db06af165ae320a9c5086756067dceef20cd28d
2 files changed
tree: befa88fb8745c507c88725fd8f7a87e3a37139d3
  1. bootstat/
  2. cli-test/
  3. code_coverage/
  4. debuggerd/
  5. diagnose_usb/
  6. fastboot/
  7. fs_mgr/
  8. gatekeeperd/
  9. healthd/
  10. include/
  11. init/
  12. janitors/
  13. libappfuse/
  14. libasyncio/
  15. libbinderwrapper/
  16. libcrypto_utils/
  17. libcutils/
  18. libdiskconfig/
  19. libgrallocusage/
  20. libkeyutils/
  21. libmodprobe/
  22. libnetutils/
  23. libpackagelistparser/
  24. libprocessgroup/
  25. libsparse/
  26. libstats/
  27. libsuspend/
  28. libsync/
  29. libsystem/
  30. libsysutils/
  31. libusbhost/
  32. libutils/
  33. libvndksupport/
  34. llkd/
  35. mini_keyctl/
  36. mkbootfs/
  37. property_service/
  38. reboot/
  39. rootdir/
  40. run-as/
  41. sdcard/
  42. shell_and_utilities/
  43. storaged/
  44. toolbox/
  45. trusty/
  46. usbd/
  47. watchdogd/
  48. .clang-format.clang-format-4
  49. .clang-format-2 ⇨ ../../build/soong/scripts/system-clang-format-2
  50. .clang-format-4 ⇨ ../../build/soong/scripts/system-clang-format
  51. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  52. .gitignore
  53. CleanSpec.mk
  54. METADATA
  55. MODULE_LICENSE_APACHE2
  56. OWNERS
  57. PREUPLOAD.cfg