dumpstate: call su before executing librank - platform/frameworks/native

diff options

author	Nick Kralevich <nnk@google.com>	2015-11-27 17:56:13 -0800
committer	Nick Kralevich <nnk@google.com>	2015-11-27 17:56:13 -0800
commit	b82c925d3cd54d5eff9f4f9e6d5aeb41f75365f5 (patch)
tree	a37416060d3d3417413a175e34fde700bf35b049 /libs/ui/FramebufferNativeWindow.cpp
parent	afc0f5551d7d886bb853fe0d27d50f1e4811ce9a (diff)

dumpstate: call su before executing librank

librank uses /proc/PID/pagemap . Rather than granting dumpstate CAP_SYS_ADMIN, have librank run from the SU domain. Addresses the following denial: avc: denied { sys_admin } for pid=6442 comm="librank" capability=21 scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=capability permissive=0 This also allows us to remove the setuid bit from librank, which will be done in a different commit. Bug: 25739721 Change-Id: Ibf20d67dbe01b95e5cbb860a7e0eb767b8beb74a

Diffstat (limited to 'libs/ui/FramebufferNativeWindow.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: