ANDROID: GKI: arm64 Enable SafeSetID to limit CAP_SET{U/G}ID capabilities

SafeSetID is an LSM module that gates the setid family of syscalls to
restrict UID/GID transitions from a given UID/GID to only those
approved by a system-wide whitelist. These restrictions also prohibit
the given UIDs/GIDs from obtaining auxiliary privileges associated
with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
UID mappings.
Bug: 414893665
Change-Id: Ib363aa42e41cc2a58f89d8827fcd6e949f090c77
Signed-off-by: Kameron Lutes <kalutes@google.com>