authorGilad Arnold <garnold@google.com>2015-09-01 10:08:56 -0700
committerGilad Arnold <garnold@google.com>2015-09-01 10:41:48 -0700
commit9451a040340733ef044493ca396d8fb087df59e0 (patch)
treeaa0cd5e1ffa15154ac7e0a874d5722b0f155f839
parentaab9382297008c1d1b7cef361159a44885d52af0 (diff)
downloadtlsdate-9451a040340733ef044493ca396d8fb087df59e0.tar.gz
Drop privileges to nobody:nobody, use supplementary groups as needed.
This ensures that, by default, tlsdated runs with the least privileges. We use the new supplementary groups feature to allow use of specific system resources (TCP sockets, DBus). Bug: 22373707 Bug: 23651876 Change-Id: I157f40c0fb42158bbc8f5233af49fe368d23892b
-rw-r--r--config.h4
-rw-r--r--init/tlsdated.rc2
2 files changed, 3 insertions, 3 deletions
diff --git a/config.h b/config.h
index edb70d0..5dcfad6 100644
--- a/config.h
+++ b/config.h
@@ -246,10 +246,10 @@
/* TODO(b/23651876) Reserve proper unprivileged uid/gid for the helper. */
/* Unprivileged group */
-#define UNPRIV_GROUP "inet"
+#define UNPRIV_GROUP "nobody"
/* Unprivileged user */
-#define UNPRIV_USER "inet"
+#define UNPRIV_USER "nobody"
/* if PolarSSL is enabled */
/* #undef USE_POLARSSL */
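Review bot: `nobody` is an identity that other services may also run under, so with `UNPRIV_USER`/`UNPRIV_GROUP` set to it the helper is separated from root but not necessarily from those processes (same-uid signals and file access, subject to whatever MAC policy is in force). The TODO at the top of the hunk already asks for a reserved uid/gid; I would state the reason there, e.g. `/* "nobody" may be shared with other services; a dedicated uid/gid keeps them from signalling or reading this helper. */`. It is also worth confirming that a failed lookup of `UNPRIV_USER` or `UNPRIV_GROUP` aborts start-up instead of continuing as root; that code is outside this hunk.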
diff --git a/init/tlsdated.rc b/init/tlsdated.rc
index 2418255..87468af 100644
--- a/init/tlsdated.rc
+++ b/init/tlsdated.rc
@@ -1,5 +1,5 @@
# Init file for starting tlsdated on Android.
-service tlsdated /system/bin/tlsdated -v -l -s -G dbus -- /system/bin/tlsdate -v -C /system/etc/security/cacerts -l
+service tlsdated /system/bin/tlsdated -v -l -s -G dbus,inet -- /system/bin/tlsdate -v -C /system/etc/security/cacerts -l
class main
# This daemon needs to start as root and drops privileges early on.
user root
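Review bot: The `-G dbus,inet` list on the service line has no comment saying which group is needed for which resource, so a later edit could widen the list without it standing out in review. Going by the commit description, I would add above the service line something like `# -G: supplementary groups kept after the drop to nobody; dbus for the system bus, inet for TCP sockets.` Whether both groups are retained by the tlsdate helper as well as by the daemon is not visible in this hunk; if the option handling allows it, the helper presumably needs only `inet` and the daemon only `dbus`.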