commit b728ecda2c015ac8995e6a11da2b941a5448fdd8
author Nikita Ioffe <ioffe@google.com> Thu Dec 29 23:12:33 2022 +0000
committer Nikita Ioffe <ioffe@google.com> Tue Jan 03 16:36:30 2023 +0000
tree 079a58e8352d2c07038fa5312639f5ce5f82642d
parent b333a400c96c6efe27adc0ec2be10bcba2a83466

boringssl self tests: explicitly specify empty capabilities

If a service doesn't specify any capabilities in it's definition in the
.rc file, then it will inherit all the capabilities from the init.
Although whether a process can use capabilities is actually controlled
by selinux (so inheriting all the init capabilities is not actually a
security vulnerability), it's better for defense-in-depth and just
bookkeeping to explicitly specify that boringssl_self_test doesn't need
any capabilities

The list of capabilities was obtained via:
```
$ adb pull /sys/fs/selinux/policy /tmp/selinux.policy
$ sesearch --allow -s boringssl_self_test -c capability,capability2 /tmp/selinux.policy
```

Bug: 249796710
Test: device boots
Test: presubmit
Change-Id: I866222e2325e59d7e39d00db59df7b83efc657d9