Commit Graph

6 Commits

Author SHA1 Message Date
Jorge Lucangeli Obes a377ff0d4a run-as: Use Minijail for privilege dropping.
Arguably, we don't need a ScopedMinijail for a program that only execs,
but I'd rather keep the code consistent and have all uses of Minijail
be good examples.

Bug: 30156807

Change-Id: I08a968835e0f3e2afcd5e7736626edbed658cde2
2016-07-19 11:03:52 -04:00
Elliott Hughes 0c8bf5798f Switch run-as to libpackagelistparser.
We already have to have a Java and a native implementation; we don't
need _two_ native implementations.

Change-Id: I0201205ce5079ef9c747abc37b0c8122cf8fb136
2016-07-07 16:50:32 -07:00
Mark Salyzyn b9f5a2b9a0 run-as: turn on -Werror
- remove an abandoned code fragment

Change-Id: I32d4ad820772685c680d200dc00ef11d102c76bd
2014-05-07 16:56:21 -07:00
Stephen Smalley 4ead8beac8 run-as: set the SELinux security context.
Before invoking the specified command or a shell, set the
SELinux security context.

Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-11-13 12:56:48 -05:00
Nick Kralevich b2d8f896b6 Don't statically compile run-as
Bug: 5904033
Change-Id: Ie815f09a2bf51ad583ded82f652d162a7f70b87e
2012-01-23 11:10:06 -08:00
David 'Digit' Turner 1f4d95296a Add 'run-as' command implementation as set-uid program.
Typical usage is 'run-as <package-name> <command>' to run <command>
in the data directory, and the user id, of <package-name> if, and only
if <package-name> is the name of an installed and debuggable application.

This relies on the /data/system/packages.list file generated by the
PackageManager service.

BEWARE: This is intended to be available on production devices !
2010-03-17 11:02:08 -07:00