replicant/core/run-as/package.c, branch master Patches not merged yet, used for building and testing them Switch run-as to libpackagelistparser. 2016-07-07T23:50:32+00:00 Elliott Hughes enh@google.com 2016-07-07T23:22:19+00:00 0c8bf5798f7beedcf7a1781501151d689b88fe98 We already have to have a Java and a native implementation; we don't need _two_ native implementations. Change-Id: I0201205ce5079ef9c747abc37b0c8122cf8fb136 
We already have to have a Java and a native implementation; we don't
need _two_ native implementations.

Change-Id: I0201205ce5079ef9c747abc37b0c8122cf8fb136
Extend run-as with optional --user argument. 2015-06-10T19:09:10+00:00 Oleksiy Vyalov ovyalov@google.com 2015-06-03T23:56:29+00:00 a08d313bb87279d2a203cded92669638e3458f5f 1. Calculate AID for spawned process as (100000 * $user) + uid_from_packages.list 2. Use /data/user/$user/$packageDir as a root of a new process if $user != 0. Change-Id: I761dfb481114bd51e5a950307fcaf403e96eef10 (cherry picked from commit da31778f3b422d9583f334273eb8d9f6aabd5d34) 
1. Calculate AID for spawned process as (100000 * $user) + uid_from_packages.list
2. Use /data/user/$user/$packageDir as a root of a new process if $user != 0.

Change-Id: I761dfb481114bd51e5a950307fcaf403e96eef10
(cherry picked from commit da31778f3b422d9583f334273eb8d9f6aabd5d34)
package missing include for string.h 2015-04-01T18:15:37+00:00 Mark Salyzyn salyzyn@google.com 2015-04-01T14:42:46+00:00 68ffc74e32dba4799ac3249c6835ca1ef2fe5f04 package.c gets string.h inherited from private/android_filesystem_config.h it should not rely on this in the future. The intent is to move fs_config function into libcutils and thus deprecate any need for string.h in this include file. Bug: 19908228 Change-Id: I5db6d0a88c5b1eb9f582284e9bdd220c096ea69a 
package.c gets string.h inherited from
private/android_filesystem_config.h it should
not rely on this in the future. The intent is
to move fs_config function into libcutils and
thus deprecate any need for string.h in this
include file.

Bug: 19908228
Change-Id: I5db6d0a88c5b1eb9f582284e9bdd220c096ea69a
run-as: build 1161573 failure 2014-05-08T21:18:23+00:00 Mark Salyzyn salyzyn@google.com 2014-05-08T21:09:01+00:00 2e6e2713fb71f7e18b782ac22a7b466545b79e89 - pointer to integer comparison. Change-Id: I4a12c357ff5eaf2fc08c19c9efe7e2d7cb0dbe2e 
- pointer to integer comparison.

Change-Id: I4a12c357ff5eaf2fc08c19c9efe7e2d7cb0dbe2e
 run-as: turn on -Werror 2014-05-07T23:56:21+00:00 Mark Salyzyn salyzyn@google.com 2014-04-30T23:14:42+00:00 b9f5a2b9a0f4f08050dd2b88c64493836edc74dd - remove an abandoned code fragment Change-Id: I32d4ad820772685c680d200dc00ef11d102c76bd 
- remove an abandoned code fragment

Change-Id: I32d4ad820772685c680d200dc00ef11d102c76bd
Enable run-as to read packages.list now owned by package_info. 2013-08-20T22:16:31+00:00 Alex Klyubin klyubin@google.com 2013-08-20T22:16:31+00:00 18860c524915bc991a9015bdbab32e918f5298d7 The group ownership of the package database /data/system/packages.list read by run-as was changed in 977a9f3b1a05e6168e8245a1e2061225b68b2b41 from "system" to "package_info". run-as currently changes its effective group to "system" and is thus unable to read the database. This CL fixes the issue by making run-as change its effective group to "package_info" for reading the package database. Bug: 10411916 Change-Id: Id23059bfb5b43264824917873a31c287f057ce4e 
The group ownership of the package database
/data/system/packages.list read by run-as was changed in
977a9f3b1a05e6168e8245a1e2061225b68b2b41 from "system" to
"package_info". run-as currently changes its effective group to
"system" and is thus unable to read the database.

This CL fixes the issue by making run-as change its effective group
to "package_info" for reading the package database.

Bug: 10411916
Change-Id: Id23059bfb5b43264824917873a31c287f057ce4e
Add legacy layout support to FUSE, enforce write. 2013-08-14T19:01:38+00:00 Jeff Sharkey jsharkey@android.com 2013-08-13T03:23:49+00:00 977a9f3b1a05e6168e8245a1e2061225b68b2b41 The legacy internal layout places users at the top-level of the filesystem, so handle with new PERM_LEGACY_PRE_ROOT when requested. Mirror single OBB directory between all users without requiring fancy bind mounts by letting a nodes graft in another part of the underlying tree. Move to everything having "sdcard_r" GID by default, and verify that calling apps hold "sdcard_rw" when performing mutations. Determines app group membership from new packages.list column. Flag to optionally enable sdcard_pics/sdcard_av permissions splitting. Flag to supply a default GID for all files. Ignore attempts to access security sensitive files. Fix run-as to check for new "package_info" GID. Change-Id: Id5f3680779109141c65fb8fa1daf56597f49ea0d 
The legacy internal layout places users at the top-level of the
filesystem, so handle with new PERM_LEGACY_PRE_ROOT when requested.

Mirror single OBB directory between all users without requiring fancy
bind mounts by letting a nodes graft in another part of the
underlying tree.

Move to everything having "sdcard_r" GID by default, and verify that
calling apps hold "sdcard_rw" when performing mutations. Determines
app group membership from new packages.list column.

Flag to optionally enable sdcard_pics/sdcard_av permissions
splitting. Flag to supply a default GID for all files. Ignore
attempts to access security sensitive files. Fix run-as to check for
new "package_info" GID.

Change-Id: Id5f3680779109141c65fb8fa1daf56597f49ea0d
am f19e045c: am c8df252f: Merge "run-as: Get seinfo from packages.list and pass to libselinux." 2013-03-28T21:32:49+00:00 Geremy Condra gcondra@google.com 2013-03-28T21:32:49+00:00 46e8991209508a9f5d59bf97ed39b791444dbaf7 * commit 'f19e045c58dafbdc46e848ec5a5c935f472dea34': run-as: Get seinfo from packages.list and pass to libselinux. 
* commit 'f19e045c58dafbdc46e848ec5a5c935f472dea34':
  run-as: Get seinfo from packages.list and pass to libselinux.
run-as: Get seinfo from packages.list and pass to libselinux. 2013-03-28T10:04:39+00:00 Robert Craig rpcraig@tycho.ncsc.mil 2013-03-26T12:09:09+00:00 fced3ded831cb084121b10a78c12de99c89004aa Change allows the proper seinfo value to be passed to libselinux to switch to the proper app security context before running the shell. Change-Id: I9d7ea47c920b1bc09a19008345ed7fd0aa426e87 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil> 
Change allows the proper seinfo value to be passed
to libselinux to switch to the proper app security
context before running the shell.

Change-Id: I9d7ea47c920b1bc09a19008345ed7fd0aa426e87
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
adb: drop capability bounding set on user builds 2013-02-16T05:22:19+00:00 Nick Kralevich nnk@google.com 2013-02-15T22:39:15+00:00 080427e4e2b1b72718b660e16b6cf38b3a3c4e3f run-as: don't require CAP_DAC_OVERRIDE. Prevent an adb spawned application from acquiring capabilities other than * CAP_NET_RAW * CAP_SETUID * CAP_SETGID The only privileged programs accessible on user builds are * /system/bin/ping * /system/bin/run-as and the capabilities above are sufficient to cover those two programs. If the kernel doesn't support file capabilities, we ignore a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could become a fatal error. Change-Id: I45a56712bfda35b5ad9378dde9e04ab062fe691a 
run-as: don't require CAP_DAC_OVERRIDE.

Prevent an adb spawned application from acquiring capabilities
other than

* CAP_NET_RAW
* CAP_SETUID
* CAP_SETGID

The only privileged programs accessible on user builds are
* /system/bin/ping
* /system/bin/run-as

and the capabilities above are sufficient to cover those
two programs.

If the kernel doesn't support file capabilities, we ignore
a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could
become a fatal error.

Change-Id: I45a56712bfda35b5ad9378dde9e04ab062fe691a