- do not assume that caller has granted effective bits in capabilities
- only elevate capabilities when needed
- suppress capabilities before exec when called as shell,shell,shell
- some Android coding standard cleanup
Bug: 19908228
Change-Id: Ibe3d1c1a0fdcb54c41d7a72395e50ad749df98ce
In Android 4.3 the run-as binary no longer has the SUID/SGID bits
set. Instead, it requires to be installed with setuid and setgid
file-based capabilities. As a result of the above two changes, the
binary no longer executes as root when invoked by the "shell" user
but can still change its UID/GID to that of the target package.
Unfortunately, run-as attempts to chdir into the target package's
data directory before changing its effective UID/GID. As a result,
when run-as is invoked by the "shell" user, the chdir operation
fails.
The fix is for run-as to chdir after changing the effective UID/GID
to those of the target package.
Bug: 10154652
(cherry picked from commit f2904a7b63)
Change-Id: I0f6cb9efd49f5c2c491f7aa1d614d700a5ec2304
Change allows the proper seinfo value to be passed
to libselinux to switch to the proper app security
context before running the shell.
Change-Id: I9d7ea47c920b1bc09a19008345ed7fd0aa426e87
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Before invoking the specified command or a shell, set the
SELinux security context.
Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Typical usage is 'run-as <package-name> <command>' to run <command>
in the data directory, and the user id, of <package-name> if, and only
if <package-name> is the name of an installed and debuggable application.
This relies on the /data/system/packages.list file generated by the
PackageManager service.
BEWARE: This is intended to be available on production devices !