diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp index f6f7128b0..0f2b46075 100644 --- a/libcutils/fs_config.cpp +++ b/libcutils/fs_config.cpp @@ -122,6 +122,12 @@ static const char* conf[][2] = { {odm_conf_file, odm_conf_dir}, }; +// Do not use android_files to grant Linux capabilities. Use ambient capabilities in their +// associated init.rc file instead. See https://source.android.com/devices/tech/config/ambient. + +// Do not place any new vendor/, data/vendor/, etc entries in android_files. +// Vendor entries should be done via a vendor or device specific config.fs. +// See https://source.android.com/devices/tech/config/filesystem#using-file-system-capabilities static const struct fs_path_config android_files[] = { // clang-format off { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app/*" }, @@ -185,24 +191,6 @@ static const struct fs_path_config android_files[] = { // Support FIFO scheduling mode in SurfaceFlinger. { 00755, AID_SYSTEM, AID_GRAPHICS, CAP_MASK_LONG(CAP_SYS_NICE), "system/bin/surfaceflinger" }, - - // Support hostapd administering a network interface. - { 00755, AID_WIFI, AID_WIFI, CAP_MASK_LONG(CAP_NET_ADMIN) | - CAP_MASK_LONG(CAP_NET_RAW), - "vendor/bin/hostapd" }, - - // Support Bluetooth legacy hal accessing /sys/class/rfkill - // Support RT scheduling in Bluetooth - { 00700, AID_BLUETOOTH, AID_BLUETOOTH, CAP_MASK_LONG(CAP_NET_ADMIN) | - CAP_MASK_LONG(CAP_SYS_NICE), - "vendor/bin/hw/android.hardware.bluetooth@1.0-service" }, - - // Support wifi_hal_legacy administering a network interface. - { 00755, AID_WIFI, AID_WIFI, CAP_MASK_LONG(CAP_NET_ADMIN) | - CAP_MASK_LONG(CAP_NET_RAW) | - CAP_MASK_LONG(CAP_SYS_MODULE), - "vendor/bin/hw/android.hardware.wifi@1.0-service" }, - // generic defaults { 00755, AID_ROOT, AID_ROOT, 0, "bin/*" }, { 00640, AID_ROOT, AID_SHELL, 0, "fstab.*" },