| field | value |
|---|---|
| author | 2023-01-03 16:12:05 +0000 |
| committer | 2023-01-03 16:12:05 +0000 |
| commit | 7ffeb3957c4ba60c9b3755cf6d9b409b25c6fdf3 |
| tree | e2d68b631d1615ff629e3d12b91e8e1286b63284 /libs/gui/BLASTBufferQueue.cpp |
| parent | dc44a31e26b918f21b4ed560d893a8cfe03d536b |

dumpstate: explicitly specify capabilities

If a service doesn't specify any capabilities in its definition in the
.rc file, then it will inherit all the capabilities from the init.
Although whether a process can use capabilities is actually controlled
by selinux (so inheriting all the init capabilities is not actually a
security vulnerability), it's better for defense-in-depth and just
bookkeeping to explicitly specify the capabilities that dumpstate needs.

The list of capabilities that dumpstate is allowed to use was obtained via:
```
$ adb pull /sys/fs/selinux/policy /tmp/selinux.policy
$ sesearch --allow -s dumpstate -c capability,capability2 /tmp/selinux.policy
allow dumpstate dumpstate:capability { chown dac_override dac_read_search fowner fsetid kill net_admin net_raw setgid setuid sys_ptrace sys_resource };
allow dumpstate dumpstate:capability2 { block_suspend syslog };
```
Note: dumpstate can transfer in several other domains, but all of them
either don't need any capabilities:
```
$ sesearch --allow -s vdc -c capability,capability2 /tmp/selinux.policy
$ sesearch --allow -s perfetto -c capability,capability2 /tmp/selinux.policy
$ sesearch --allow -s derive_sdk -c capability,capability2 /tmp/selinux.policy
```
Bug: 249796710
Test: atest BugreportManagerTestCases
Test: presubmit
Change-Id: I6f03675b60d69063c3d944b370f4a8d325cfa7f9
Diffstat (limited to 'libs/gui/BLASTBufferQueue.cpp')
0 files changed, 0 insertions, 0 deletions
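
The bookkeeping described in the commit message, as an added example that is not part of the commit or the AOSP tree: it turns the `sesearch` output quoted above into an init `capabilities` line and reports drift against a service stanza. The `.rc` stanza is constructed for illustration (it is not the real dumpstate.rc), and the script assumes the init service name equals the SELinux domain name.

```python
import re

# sesearch output exactly as quoted in the commit message.
SESEARCH_OUTPUT = """\
allow dumpstate dumpstate:capability { chown dac_override dac_read_search fowner fsetid kill net_admin net_raw setgid setuid sys_ptrace sys_resource };
allow dumpstate dumpstate:capability2 { block_suspend syslog };
"""

# Constructed stanza, NOT the real dumpstate.rc: SYS_ADMIN is extra, SYSLOG is missing.
SAMPLE_RC = """\
service dumpstate /system/bin/dumpstate -s
    class main
    capabilities CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL NET_ADMIN NET_RAW SETGID SETUID SYS_PTRACE SYS_RESOURCE BLOCK_SUSPEND SYS_ADMIN
"""

ALLOW_RE = re.compile(
    r"^allow\s+(\S+)\s+(\S+):(capability2?)\s+(?:\{([^}]*)\}|(\S+))\s*;", re.M)

def policy_caps(sesearch_text, domain):
    """Capabilities the policy lets `domain` use on itself, as init-style names (no CAP_ prefix)."""
    caps = set()
    for src, tgt, _cls, braced, single in ALLOW_RE.findall(sesearch_text):
        if src == domain and tgt in (domain, "self"):
            caps.update(p.upper() for p in (braced or single).split())
    return caps

def rc_caps(rc_text, service):
    """Capabilities declared by the `capabilities` option of `service` in an init .rc file."""
    caps, in_service = set(), False
    for line in rc_text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("service", "on", "import"):  # a new section ends the previous one
            in_service = words[0] == "service" and len(words) > 1 and words[1] == service
        elif in_service and words[0] == "capabilities":
            caps.update(w.upper() for w in words[1:])
    return caps

def audit(sesearch_text, rc_text, name):
    """Compare what SELinux allows with what the .rc file declares for `name`."""
    allowed, declared = policy_caps(sesearch_text, name), rc_caps(rc_text, name)
    return {"rc_line": "capabilities " + " ".join(sorted(allowed)),
            "declared_not_allowed": sorted(declared - allowed),
            "allowed_not_declared": sorted(allowed - declared)}

if __name__ == "__main__":
    for key, value in audit(SESEARCH_OUTPUT, SAMPLE_RC, "dumpstate").items():
        print(f"{key}: {value}")
```

An empty `declared_not_allowed` list means the `.rc` file requests nothing SELinux would deny; an entry in `allowed_not_declared` is a capability the policy permits but the service would no longer hold once the list is explicit.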