diff options
| author | Jin Qian <jinqian@google.com> | 2017-02-10 18:29:35 -0800 |
|---|---|---|
| committer | Jin Qian <jinqian@google.com> | 2017-02-10 18:33:13 -0800 |
| commit | 821eb0d007f4a48a2cf97f365c7f21801dc14031 (patch) | |
| tree | 3010a54a5e2ad4242817874197521e0ba2196da8 /storaged | |
| parent | dd41d6b17115f5592f184b17351383c1b06d6336 (diff) | |
| download | system_core-821eb0d007f4a48a2cf97f365c7f21801dc14031.tar.gz system_core-821eb0d007f4a48a2cf97f365c7f21801dc14031.tar.bz2 system_core-821eb0d007f4a48a2cf97f365c7f21801dc14031.zip | |
storaged: fix selinux dac_override denial
Bug: 35250057
Bug: 34198239
Change-Id: I18592d298765dc46ab05f25ae2ced0a5eddacc8b
Diffstat (limited to 'storaged')
| -rw-r--r-- | storaged/Android.mk | 1 | ||||
| -rw-r--r-- | storaged/main.cpp | 26 | ||||
| -rw-r--r-- | storaged/storaged.rc | 2 |
3 files changed, 2 insertions, 27 deletions
diff --git a/storaged/Android.mk b/storaged/Android.mk index 5abfb7ad5..2adb14daa 100644 --- a/storaged/Android.mk +++ b/storaged/Android.mk @@ -9,7 +9,6 @@ LIBSTORAGED_SHARED_LIBRARIES := \ libcutils \ liblog \ libsysutils \ - libcap \ libpackagelistparser \ libbatteryservice \ diff --git a/storaged/main.cpp b/storaged/main.cpp index 1103df22f..f5a8f3901 100644 --- a/storaged/main.cpp +++ b/storaged/main.cpp @@ -55,32 +55,6 @@ static int drop_privs() { if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) return -1; - if (prctl(PR_SET_KEEPCAPS, 1) < 0) return -1; - - std::unique_ptr<struct _cap_struct, int(*)(void *)> caps(cap_init(), cap_free); - if (cap_clear(caps.get()) < 0) return -1; - cap_value_t cap_value[] = { - CAP_SETGID, - CAP_SETUID - }; - if (cap_set_flag(caps.get(), CAP_PERMITTED, - arraysize(cap_value), cap_value, - CAP_SET) < 0) return -1; - if (cap_set_flag(caps.get(), CAP_EFFECTIVE, - arraysize(cap_value), cap_value, - CAP_SET) < 0) return -1; - if (cap_set_proc(caps.get()) < 0) - return -1; - - if (setgid(AID_SYSTEM) != 0) return -1; - - if (setuid(AID_SYSTEM) != 0) return -1; - - if (cap_set_flag(caps.get(), CAP_PERMITTED, 2, cap_value, CAP_CLEAR) < 0) return -1; - if (cap_set_flag(caps.get(), CAP_EFFECTIVE, 2, cap_value, CAP_CLEAR) < 0) return -1; - if (cap_set_proc(caps.get()) < 0) - return -1; - return 0; } diff --git a/storaged/storaged.rc b/storaged/storaged.rc index 53fdb85f5..bb7c623fd 100644 --- a/storaged/storaged.rc +++ b/storaged/storaged.rc @@ -2,3 +2,5 @@ service storaged /system/bin/storaged class main file /d/mmc0/mmc0:0001/ext_csd r writepid /dev/cpuset/system-background/tasks + user root + group system package_info
\ No newline at end of file |