Commit 847bfa4a authored by Jorge Lucangeli Obes

init: Allow SETPCAP for dropping bounding set.

This is required for https://android-review.googlesource.com/#/c/295748
so that init can drop the capability bounding set for services.

Bug: 32438163
Test: With 295748 and a test service using ambient capabilities.
Change-Id: I57788517cfe2ef0e7a2f1dfab94d0cb967ede065
parent e112faea
...@@ -246,8 +246,8 @@ allow init vold_data_file:file { getattr }; ...@@ -246,8 +246,8 @@ allow init vold_data_file:file { getattr };
allow init shell_data_file:dir { open create read getattr setattr search }; allow init shell_data_file:dir { open create read getattr setattr search };
allow init shell_data_file:file { getattr }; allow init shell_data_file:file { getattr };
# Set UID and GID for services. # Set UID, GID, and adjust capability bounding set for services.
allow init self:capability { setuid setgid }; allow init self:capability { setuid setgid setpcap };
# For bootchart to read the /proc/$pid/cmdline file of each process, # For bootchart to read the /proc/$pid/cmdline file of each process,
# we need to have following line to allow init to have access # we need to have following line to allow init to have access
......
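Review bot: The new comment on the `allow init self:capability { setuid setgid setpcap };` line says "adjust capability bounding set", while the commit message states the purpose is only to let init drop the bounding set for services. CAP_SETPCAP covers more than dropping bounding-set entries, so the comment should record the narrower intent, for example "# Set UID, GID, and drop the capability bounding set for services.", and mention the dependent init change (295748) so a later audit of init's capabilities can tell why setpcap was granted.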