diff options
author | Gilad Arnold <garnold@google.com> | 2015-09-01 18:10:59 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-09-01 18:10:59 +0000 |
commit | 055d281f061421a032b9aec4929986f3545f912b (patch) | |
tree | aa0cd5e1ffa15154ac7e0a874d5722b0f155f839 | |
parent | 18f2fc496305e80e9e1c63e36ac41ebbe995994c (diff) | |
parent | 9451a040340733ef044493ca396d8fb087df59e0 (diff) | |
download | tlsdate-055d281f061421a032b9aec4929986f3545f912b.tar.gz |
am 9451a040: Drop privileges to nobody:nobody, use supplementary groups as needed.
* commit '9451a040340733ef044493ca396d8fb087df59e0':
Drop privileges to nobody:nobody, use supplementary groups as needed.
-rw-r--r-- | config.h | 4 | ||||
-rw-r--r-- | init/tlsdated.rc | 2 |
2 files changed, 3 insertions, 3 deletions
@@ -246,10 +246,10 @@ /* TODO(b/23651876) Reserve proper unprivileged uid/gid for the helper. */ /* Unprivileged group */ -#define UNPRIV_GROUP "inet" +#define UNPRIV_GROUP "nobody" /* Unprivileged user */ -#define UNPRIV_USER "inet" +#define UNPRIV_USER "nobody" /* if PolarSSL is enabled */ /* #undef USE_POLARSSL */ diff --git a/init/tlsdated.rc b/init/tlsdated.rc index 2418255..87468af 100644 --- a/init/tlsdated.rc +++ b/init/tlsdated.rc @@ -1,5 +1,5 @@ # Init file for starting tlsdated on Android. -service tlsdated /system/bin/tlsdated -v -l -s -G dbus -- /system/bin/tlsdate -v -C /system/etc/security/cacerts -l +service tlsdated /system/bin/tlsdated -v -l -s -G dbus,inet -- /system/bin/tlsdate -v -C /system/etc/security/cacerts -l class main # This daemon needs to start as root and drops privileges early on. user root |