Move hostapd to /vendor/bin/ because it's only used by WIFI HAL.
Bug: 34236942
Bug: 34237659
Test: Hotspot works fine. Integration test.
Change-Id: I8d9f51ed85a0614bf0141461dabeddae094ad4e0
There's no reason for SELinux policy compiler to be accessible by
anybode other than root.
Test: Device boots -- secilc isn't used yet anyway
Bug: 31363362
Change-Id: I26cf34f1412b8dd471f79271c491b473617a6df6
CAP_SYS_PTRACE is needed to ptrace processes that have capabilities
greater than their bounding set. Eventually, this will still be an
improvement, because we can ptrace attach, and then turn on a seccomp
filter that blocks further attaches.
Bug: http://b/34694637
Test: debuggerd `pidof system_server`
Change-Id: I4b9da164ec1fbb5060fdba590e886ac24b6a0785
The following files will be loaded additionally.
- /odm/default.prop and /vendor/default.prop for default props.
- /odm/build.prop for build props.
The props files must follow the following priority order.
- /default.prop > /odm/default.prop > /vendor/default.prop
- /system/build.prop > /odm/build.prop > /vendor/buid.prop
Test: tested default/build prop files with enabling early mount, but
didn't test files of odm partition because odm partition doesn't
exist now.
Bug: 34116668
Change-Id: I946d076dae38f2288865dd986fb16d801d4abcc0
Remove debuggerd in favor of a helper process that gets execed by
crashing processes.
Bug: http://b/30705528
Test: debuggerd_test
Change-Id: I9906c69473989cbf7fe5ea6cccf9a9c563d75906
Enforce that the only API for reading properties is through the property
server, not by reading the (system|vendor|rootfs) *.prop files.
Test: Device boots and no property errors.
Change-Id: Ibb6ed4e74a80cac00010c707d7574f8e92fc6448
Add CAP_SYSLOG, CAP_AUDIT_CONTROL and CAP_SETGID, set
uid and gid to AID_LOGD, and permissions user and group
read and execute only.
Fix up indents for in table for clarity.
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Manually inspect owner and group for /system/bin/logd
Bug: 32450474
Change-Id: I5183ab200dbcd13efb0727cb91db5b12018ae804
The webview_zygote is a non-root zygote process that creates isolated_app
children for rendering web content. It needs:
- CAP_SETUID and CAP_SETGID to change the UID of the new child process.
- CAP_SETPCAP to clear the capability bounding set after forking.
Test: m
Test: angler boots
Bug: 21643067
Change-Id: I986fa04be54e812f5dd2afa14e5d2d3e474e2b10
Add netlink permissions for the new wifi HAL daemon name.
Bug: 31821133
Test: Compiled and ensured that the permission denials are no longer
present in logs.
Change-Id: If939df4760d9f7e85f0f134617d3a79030e09347
Replace references to cutils/log.h and log/log.h with android/log.h.
Point cutils/log.h to android/log.h. Adjust header order to comply
with Android Coding standards.
Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: I4b00c0dff3a0a50cbb54301fdc5a6c29c21dab65
Bug: 30041118
Change-Id: I14d1fd601fc4bce12c563a2004e91bd8ba0f42c3
Test: hostapd can start as the wifi user with these capabilities.
(cherry picked from commit 2502490178)
(cherry picked from commit a76088362e)
Bug: 30041118
Change-Id: I14d1fd601fc4bce12c563a2004e91bd8ba0f42c3
Test: hostapd can start as the wifi user with these capabilities.
(cherry picked from commit 2502490178)
Default permission bits are 771. It causes permission denied errors when
MediaProvider tries to scan /data/preloads. We have to allow read for others.
Bug: 29940807
Change-Id: I45645cf1154501ccb64bef08b9ad7bf7709dfd8e
Codesearch finds no reference to this in the Android tree. It was
added in 2010 in commit bbf1c64527.
Change-Id: I8cd1153912b78b4b23b8f5ba2577a58c5c49e316
Anyone wanting to call /system/xbin/librank can execute "su"
beforehand. There's no need for it to be setuid root.
Bug: 25739721
Change-Id: Ie3d68701397d21e901bf1ec17b4b4a9f12128d2d
This is not an executable so we have to specifically set its permissions
accordingly.
Bug: 25668833
Change-Id: I502f69bad75b4da4fdc29eb3ebaa42a19ae04d27
This makes native test directories 750 root:shell. This matches the
value for files within those directories, and results in a more usable
access paradigm when (say) unprivileged test tools need to discover
these test binaries.
Bug: 25668833
Change-Id: I9bd2081b2c211b4383b5873238aaf64597756714
Po-Chien Hsueh