shamu: remove root user from qmuxd and add CAP_BLOCK_SUSPEND

Bug: 21659407
Change-Id: I2c8eb8ac514c6094ac059dfe3472868857da1ae7

3 files changed, 43 insertions, 1 deletions

diff --git a/android_filesystem_config.h b/android_filesystem_config.h
new file mode 100644
index 00000000..b21ad101
--- /dev/null
+++ b/android_filesystem_config.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* This file is used to define the properties of the filesystem
+** images generated by build tools (mkbootfs and mkyaffs2image) and
+** by the device side of adb.
+*/
+
+#include <private/android_filesystem_config.h>
+
+#define NO_ANDROID_FILESYSTEM_CONFIG_DEVICE_DIRS
+/* static const struct fs_path_config android_device_dirs[] = { }; */
+
+/* Rules for files.
+** These rules are applied based on "first match", so they
+** should start with the most specific path and work their
+** way up to the root. Prefixes ending in * denotes wildcard
+** and will allow partial matches.
+*/
+static const struct fs_path_config android_device_files[] = {
+    { 00700, AID_RADIO,     AID_SHELL,     (1ULL << CAP_BLOCK_SUSPEND), "system/bin/qmuxd" },
+#ifdef NO_ANDROID_FILESYSTEM_CONFIG_DEVICE_DIRS
+    { 00000, AID_ROOT,      AID_ROOT,      0, "system/etc/fs_config_dirs" },
+#endif
+};
diff --git a/device.mk b/device.mk
index e163bd14..5a412f03 100644
--- a/device.mk
+++ b/device.mk
@@ -344,6 +344,10 @@ PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \
 PRODUCT_PACKAGES += \
     power.shamu
 
+# For android_filesystem_config.h
+PRODUCT_PACKAGES += \
+   fs_config_files
+
 PRODUCT_PROPERTY_OVERRIDES += \
    ro.frp.pst=/dev/block/platform/msm_sdcc.1/by-name/frp
 
diff --git a/init.shamu.rc b/init.shamu.rc
index 54853b54..63e71444 100644
--- a/init.shamu.rc
+++ b/init.shamu.rc
@@ -367,7 +367,7 @@ service bridgemgrd /system/bin/bridgemgrd
 # QMUX must be in multiple groups to support external process connections
 service qmuxd /system/bin/qmuxd
     class main
-    user root
+    user radio
     group radio audio bluetooth gps
 
 service netmgrd /system/bin/netmgrd