author | Gilad Arnold <garnold@google.com> | 2015-08-27 18:58:11 -0700 |
committer | Gilad Arnold <garnold@google.com> | 2015-08-31 12:40:48 -0700 |
commit | b470cc18ef58c7c6d7e99f80559a69f65f5167e3 (patch) | |
tree | 921a92007887e748ed8ae29ca1ed0889877df35e | |
parent | f73a0e44adc986e575e9cb8e92a70f406e9d88f9 (diff) | |
download | tlsdate-b470cc18ef58c7c6d7e99f80559a69f65f5167e3.tar.gz |
Run as non-root; drop privileges to inet:inet.
1) We are adding a specific file capability (CAP_SYS_TIME) that allows
tlsdated to start as user 'system', like other services. Hence,
switching to use the standard init template.
2) Our unprivileged execution needs to connect a socket so we're reusing
the existing 'inet' user/group. In the long run, we should have
dedicated UID/GID for tlsdated that will provide these privileges.
Bug: 22373707
Change-Id: I85f9a5ee744be71691f1187030021d3178ca0861
-rw-r--r-- | Android.mk | 19 | ||||
-rw-r--r-- | config.h | 6 | ||||
-rw-r--r-- | init/tlsdated.rc | 7 |
3 files changed, 21 insertions, 11 deletions
@@ -79,7 +79,7 @@ include $(BUILD_NATIVE_TEST)
 include $(CLEAR_VARS)
 LOCAL_MODULE := tlsdated
-LOCAL_INIT_RC := init/tlsdated.rc
+LOCAL_REQUIRED_MODULES := tlsdated.rc
 LOCAL_SRC_FILES := $(tlsdate_tlsdated_sources)
 LOCAL_CFLAGS := -DTLSDATED_MAIN
 LOCAL_SHARED_LIBRARIES := $(tlsdate_common_shared_libs)
@@ -95,3 +95,20 @@ LOCAL_SRC_FILES := \
 LOCAL_SHARED_LIBRARIES := $(tlsdate_common_shared_libs)
 $(eval $(tlsdate_common))
 include $(BUILD_NATIVE_TEST)
+
+
+ifdef INITRC_TEMPLATE
+include $(CLEAR_VARS)
+LOCAL_MODULE := tlsdated.rc
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_INITRCD)
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+.PHONY: $(LOCAL_BUILT_MODULE)
+$(LOCAL_BUILT_MODULE): my_args := \
+ -v -l -s -- /system/bin/tlsdate -v -C /system/etc/security/cacerts -l
+$(LOCAL_BUILT_MODULE): my_groups := inet
+$(LOCAL_BUILT_MODULE): $(INITRC_TEMPLATE)
+ $(call generate-initrc-file,tlsdated,$(my_args),$(my_groups))
+endif
@@ -244,12 +244,12 @@
 /* Vendor of Target System */
 /* #undef TARGET_VENDOR */
-/* TODO Reserve proper unprivileged uid/gid for the helper. */
+/* TODO(b/23651876) Reserve proper unprivileged uid/gid for the helper. */
 /* Unprivileged group */
-#define UNPRIV_GROUP "nobody"
+#define UNPRIV_GROUP "inet"
 /* Unprivileged user */
-#define UNPRIV_USER "nobody"
+#define UNPRIV_USER "inet"
 /* if PolarSSL is enabled */
 /* #undef USE_POLARSSL */
diff --git a/init/tlsdated.rc b/init/tlsdated.rc
deleted file mode 100644
index b91b329..0000000
--- a/init/tlsdated.rc
+++ /dev/null
@@ -1,7 +0,0 @@
-# Init file for starting tlsdated on Android.
-service tlsdated /system/bin/tlsdated -v -l -s -- /system/bin/tlsdate -v -C /system/etc/security/cacerts -l
- class main
- # TODO(b/23601841) Use a lesser uid once CAP_SYS_TIME is enabled.
- user root
- group system dbus inet
- seclabel u:r:brillo:s0
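Review bot: `LOCAL_REQUIRED_MODULES := tlsdated.rc` in the first hunk is unconditional, while the `tlsdated.rc` module it names is defined further down only inside `ifdef INITRC_TEMPLATE`. On a tree where that variable is unset the build will either fail on the missing required module or, at best, ship the daemon with no rc file at all, because the old `LOCAL_INIT_RC` line is gone and nothing falls back to it. Guarding the requirement the same way keeps the two in step: `ifdef INITRC_TEMPLATE` / `LOCAL_REQUIRED_MODULES := tlsdated.rc` / `endif`. The `tlsdated` module definition continues beyond the context shown in this hunk.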
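Review bot: The deleted `init/tlsdated.rc` pinned the service to `seclabel u:r:brillo:s0` and granted the `dbus` group, but the `generate-initrc-file` call in the second hunk passes only `inet` in `my_groups` and nothing that selects an SELinux domain, so whether the generated service still gets a label and dbus access depends entirely on the template, which is not visible in this change; please confirm that before merging. The commit message also relies on a CAP_SYS_TIME file capability that is not part of this diff, so a comment above the rule would record that assumption for the next reader, e.g. `# Generated rc runs tlsdated as 'system' with supplementary group 'inet'; the CAP_SYS_TIME file capability it needs is granted outside this makefile.` Separately, `.PHONY: $(LOCAL_BUILT_MODULE)` marks a real output file phony and so regenerates the rc on every build; if that is deliberate (so edits to `my_args` are picked up) say so in a comment, otherwise add this Android.mk as a prerequisite of the rule instead.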
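Review bot: Switching `UNPRIV_USER`/`UNPRIV_GROUP` to `inet` only helps if the helper can still perform the uid/gid change: with the daemon now started as `system` and, per the commit message, holding only a CAP_SYS_TIME file capability, `setgroups`/`setgid`/`setuid` to a different id will fail with EPERM unless the code that consumes these macros skips the drop when it is not root or the binary also carries CAP_SETUID/CAP_SETGID. That consumer is outside this hunk, so please confirm which case applies and make the failure mode explicit (abort rather than continue with the caller's identity). Since `inet` is the shared id that grants socket access on Android, a note next to the define would keep the interim nature of the choice visible alongside the TODO, e.g. `/* 'inet' is shared with other network-capable services; see the TODO above for a dedicated id. */`.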