diff options
author | Gilad Arnold <garnold@google.com> | 2015-08-31 22:13:57 -0700 |
---|---|---|
committer | Gilad Arnold <garnold@google.com> | 2015-08-31 22:16:07 -0700 |
commit | 5dc2a431699336ef28d568ca41563e9f6ab84093 (patch) | |
tree | 671405e3eca9713be4182a9f20307bf8d37a3fb8 | |
parent | e779a4ea234801eb279f378b6999705f10cd5abc (diff) | |
download | tlsdate-5dc2a431699336ef28d568ca41563e9f6ab84093.tar.gz |
Run tlsdated as root.
This is actually needed so it can drop privileges shortly after
starting.
Bug: 22373707
Change-Id: Ie114a96b80bc5e50525411904c1266fa7072ded0
-rw-r--r-- | Android.mk | 18 | ||||
-rw-r--r-- | init/tlsdated.rc | 7 |
2 files changed, 8 insertions, 17 deletions
@@ -79,6 +79,7 @@ include $(BUILD_NATIVE_TEST) include $(CLEAR_VARS) LOCAL_MODULE := tlsdated +LOCAL_INIT_RC := init/tlsdated.rc LOCAL_REQUIRED_MODULES := tlsdated.rc LOCAL_SRC_FILES := $(tlsdate_tlsdated_sources) LOCAL_CFLAGS := -DTLSDATED_MAIN @@ -95,20 +96,3 @@ LOCAL_SRC_FILES := \ LOCAL_SHARED_LIBRARIES := $(tlsdate_common_shared_libs) $(eval $(tlsdate_common)) include $(BUILD_NATIVE_TEST) - - -ifdef INITRC_TEMPLATE -include $(CLEAR_VARS) -LOCAL_MODULE := tlsdated.rc -LOCAL_MODULE_CLASS := ETC -LOCAL_MODULE_PATH := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_INITRCD) - -include $(BUILD_SYSTEM)/base_rules.mk - -.PHONY: $(LOCAL_BUILT_MODULE) -$(LOCAL_BUILT_MODULE): my_args := \ - -v -l -s -- /system/bin/tlsdate -v -C /system/etc/security/cacerts -l -$(LOCAL_BUILT_MODULE): my_groups := inet -$(LOCAL_BUILT_MODULE): $(INITRC_TEMPLATE) - $(call generate-initrc-file,tlsdated,$(my_args),$(my_groups)) -endif diff --git a/init/tlsdated.rc b/init/tlsdated.rc new file mode 100644 index 0000000..3a3a74a --- /dev/null +++ b/init/tlsdated.rc @@ -0,0 +1,7 @@ +# Init file for starting tlsdated on Android. +service tlsdated /system/bin/tlsdated -v -l -s -- /system/bin/tlsdate -v -C /system/etc/security/cacerts -l + class main + # This daemon needs to start as root and drops privileges early on. + user root + group system + seclabel u:r:brillo:s0 |