From 918d4611096dbb72ea44f46c2d72ce2e36f38e3b Mon Sep 17 00:00:00 2001 From: Jorge Lucangeli Obes Date: Tue, 24 Jan 2017 16:18:21 -0500 Subject: mdnsd: Remove 'net_raw' GID. The 'net_raw' GID is an Android addition that does not exist upstream. It grants the CAP_NET_RAW capability. However, it does not appear to be required for mdnsd. There are no raw sockets being created in the code: mdnsresponder$ grep -R "socket(" * shows no use of raw sockets. As per 'man capabilities(7)', CAP_NET_RAW is used for: """ * use RAW and PACKET sockets; * bind to any address for transparent proxying. """ Removing this use of 'net_raw' will allow us to drop the kernel patches that grant CAP_NET_RAW with the 'net_raw' GID. Bug: 33938230 Test: 'start mdnsd' works. Test: Install "Bonjour Browser" app, do a scan. Test: 'adb logcat -b all -d | grep mDNS' shows mDNSResponder starting. Change-Id: Idb67788d56115c1b36a97c1962fd03eb26e82a68 --- mdnsd.rc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdnsd.rc b/mdnsd.rc index 2f35e21..0696ac5 100644 --- a/mdnsd.rc +++ b/mdnsd.rc @@ -1,7 +1,7 @@ service mdnsd /system/bin/mdnsd class main user mdnsr - group inet net_raw + group inet socket mdnsd stream 0660 mdnsr inet disabled oneshot -- cgit v1.2.3
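Review bot: The `group inet` line drops `net_raw` on the strength of a grep for `socket(` alone, but the capabilities(7) text quoted in the commit message lists a second use of CAP_NET_RAW, binding to any address for transparent proxying, which that grep would not find. Please state in the message that this second use was checked as well, so the removal is justified against both quoted uses. The listed tests cover service start, a scan from an app and the startup log; a check that the running mdnsd's supplementary groups are now only `inet` would confirm that the rc change took effect on the device.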