Commit 1a16274e authored Oct 13, 2025 by Kameron Lutes Committed by Treehugger Robot Oct 16, 2025

ANDROID: GKI: arm64 Enable SafeSetID to limit CAP_SET{U/G}ID capabilities



SafeSetID is an LSM module that gates the setid family of syscalls to
restrict UID/GID transitions from a given UID/GID to only those
approved by a system-wide whitelist. These restrictions also prohibit
the given UIDs/GIDs from obtaining auxiliary privileges associated
with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
UID mappings.

Bug: 414893665
Change-Id: Ib363aa42e41cc2a58f89d8827fcd6e949f090c77
Signed-off-by: Kameron Lutes <kalutes@google.com>
(cherry picked from commit 1cc8a421)

parent 101347b9

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 8979fee4
· Nov 05, 2025

mentioned in commit 8979fee4

mentioned in commit 8979fee435bfd762771c71f3cf99f6f279038337

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 6b6ffe2c
· Nov 05, 2025

mentioned in commit 6b6ffe2c

mentioned in commit 6b6ffe2c091924ce45dff6afb5304312a64ed6f0

Toggle commit list

Please to comment