Merge "vold: explicitly specify capabilities"

commit: 4af861b63176e70588335acad66e066d80bfe487 [log] [tgz]
author: Nikita Ioffe <ioffe@google.com> Tue Jan 03 13:18:36 2023 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Jan 03 13:18:36 2023 +0000
tree: d9ecb17885834e03f3997b896a630277f315653a
parent: 0777c5d6048eb2f36a4cd80a1dd4240ff71fae17 [diff]
parent: a4c5f57f6319dede10a08d695a02a98367038b49 [diff]
diff --git a/vold.rc b/vold.rc
index 9474a1e..466e2db 100644
--- a/vold.rc
+++ b/vold.rc

@@ -7,3 +7,5 @@
     shutdown critical
     group root reserved_disk
     reboot_on_failure reboot,vold-failed
+    # CAP_SETGID, CAP_SETUID, CAP_SYS_RESOURCE are not used by the vold itself, but instead are used by the /system/bin/sdcard that vold execs
+    capabilities CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL MKNOD NET_ADMIN SYS_ADMIN SYS_CHROOT SYS_NICE SYS_PTRACE BLOCK_SUSPEND SETGID SETUID SYS_RESOURCE
commit	4af861b63176e70588335acad66e066d80bfe487	[log] [tgz]
author	Nikita Ioffe <ioffe@google.com>	Tue Jan 03 13:18:36 2023 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Jan 03 13:18:36 2023 +0000
tree	d9ecb17885834e03f3997b896a630277f315653a
parent	0777c5d6048eb2f36a4cd80a1dd4240ff71fae17 [diff]
parent	a4c5f57f6319dede10a08d695a02a98367038b49 [diff]