Merge "odsign: explicitly specify empty capabilities"
diff --git a/ondevice-signing/odsign.rc b/ondevice-signing/odsign.rc
index de09fc0..b96c62f 100644
--- a/ondevice-signing/odsign.rc
+++ b/ondevice-signing/odsign.rc
@@ -3,6 +3,13 @@
user root
group system
disabled # does not start with the core class
+ # Explicitly specify empty capabilities, otherwise odsign will inherit all
+ # the capabilities from init.
+ # Note: whether a process can use capabilities is controlled by SELinux, so
+ # inheriting all the capabilities from init is not a security issue.
+ # However, for defense-in-depth and just for the sake of bookkeeping it's
+ # better to explicitly state that odsign doesn't need any capabilities.
+ capabilities
# Note that odsign is not oneshot, but stopped manually when it exits. This
# ensures that if odsign crashes during a module update, apexd will detect