android_filesystem_config.h: change ping and run-as

/system/bin/ping no longer requires CAP_NET_RAW, as we're now
using IPPROTO_ICMP. Please see the following for more details:

* http://lwn.net/Articles/443051/
* https://android-review.googlesource.com/52090
* https://android-review.googlesource.com/52072

We can now make ping a normal, unprivileged program.

/system/bin/run-as only requires CAP_SETUID and CAP_SETGID.
Explicitly set the capabilities of this file, and remove
the setuid bit.

This is equivalent to running the following commands:

  * chmod 750 /system/bin/run-as
  * chown root:shell /system/bin/run-as
  * setcap cap_setgid,cap_setuid+ep /system/bin/run-as

Change-Id: I65df858b45e6de4e2190ac9d6d592c06ea9d28cf
diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h
index 03df585..53bd166 100644
--- a/include/private/android_filesystem_config.h
+++ b/include/private/android_filesystem_config.h
@@ -27,6 +27,12 @@
 #include <sys/types.h>
 #include <stdint.h>
 
+#ifdef HAVE_ANDROID_OS
+#include <linux/capability.h>
+#else
+#include "android_filesystem_capability.h"
+#endif
+
 /* This is the master Users and Groups config for the platform.
 ** DO NOT EVER RENUMBER.
 */
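Review bot: The host-side fallback include of `android_filesystem_capability.h` has no comment saying that its CAP_* values must match the numbering in the kernel's `<linux/capability.h>`. Host image-building tools presumably turn the table's capability masks into on-device file capabilities, so any drift between the two headers would grant a different capability set than the table appears to; the fallback header is not visible here, so this is inferred. I would add above the `#ifdef`: `/* CAP_* bit numbers; the host copy must stay identical to the kernel UAPI values. */`.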
@@ -206,21 +212,24 @@
     { 00644, AID_MEDIA_RW,  AID_MEDIA_RW,  0, "data/media/*" },
     { 00644, AID_SYSTEM,    AID_SYSTEM,    0, "data/app-private/*" },
     { 00644, AID_APP,       AID_APP,       0, "data/data/*" },
-        /* the following two files are INTENTIONALLY set-gid and not set-uid.
-         * Do not change. */
-    { 02755, AID_ROOT,      AID_NET_RAW,   0, "system/bin/ping" },
+    { 00755, AID_ROOT,      AID_ROOT,      0, "system/bin/ping" },
+
+    /* the following file is INTENTIONALLY set-gid and not set-uid.
+     * Do not change. */
     { 02750, AID_ROOT,      AID_INET,      0, "system/bin/netcfg" },
-    	/* the following five files are INTENTIONALLY set-uid, but they
-	 * are NOT included on user builds. */
+
+    /* the following five files are INTENTIONALLY set-uid, but they
+     * are NOT included on user builds. */
     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/su" },
     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/librank" },
     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procrank" },
     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/tcpdump" },
     { 04770, AID_ROOT,      AID_RADIO,     0, "system/bin/pppd-ril" },
-		/* the following file is INTENTIONALLY set-uid, and IS included
-		 * in user builds. */
-    { 06750, AID_ROOT,      AID_SHELL,     0, "system/bin/run-as" },
+
+    /* the following file has enhanced capabilities and IS included in user builds. */
+    { 00750, AID_ROOT,      AID_SHELL,     (1 << CAP_SETUID) | (1 << CAP_SETGID), "system/bin/run-as" },
+
     { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/*" },
     { 00755, AID_ROOT,      AID_ROOT,      0, "system/lib/valgrind/*" },
     { 00755, AID_ROOT,      AID_SHELL,     0, "system/xbin/*" },
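Review bot: In the `system/bin/run-as` entry the mask is built from the int literal `1`, which works for CAP_SETUID and CAP_SETGID but becomes an undefined shift if a later entry copies the pattern for a capability numbered 31 or higher; if the capabilities field is 64-bit (its declaration is outside this hunk), write `(1ULL << CAP_SETUID) | (1ULL << CAP_SETGID)`. The comment above the entry should also name the capabilities and the sets they land in, for example `/* run-as: CAP_SETUID and CAP_SETGID as permitted+effective file capabilities replace the set-uid/set-gid bits; IS included in user builds. */`, so the privilege can be audited without expanding the mask. Separately, the rewritten comment `the following five files are INTENTIONALLY set-uid` is followed by six set-uid entries, the last being `system/bin/pppd-ril` at `04770`, so either the count or the placement of that entry should be corrected. The struct definition and the rest of the array lie outside the hunk.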