From b470cc18ef58c7c6d7e99f80559a69f65f5167e3 Mon Sep 17 00:00:00 2001
From: Gilad Arnold
Date: Thu, 27 Aug 2015 18:58:11 -0700
Subject: Run as non-root; drop privileges to inet:inet.

1) We are adding a specific file capability (CAP_SYS_TIME) that allows tlsdated to start as user 'system', like other services. Hence, switching to use the standard init template.

2) Our unprivileged execution needs to connect a socket so we're reusing the existing 'inet' user/group. In the long run, we should have dedicated UID/GID for tlsdated that will provide these privileges.

Bug: 22373707
Change-Id: I85f9a5ee744be71691f1187030021d3178ca0861
---
 Android.mk | 19 ++++++++++++++++++-
 config.h | 6 +++---
 init/tlsdated.rc | 7 -------
 3 files changed, 21 insertions(+), 11 deletions(-)
 delete mode 100644 init/tlsdated.rc

diff --git a/Android.mk b/Android.mk
index 486f0e2..2404ef4 100644
--- a/Android.mk
+++ b/Android.mk
@@ -79,7 +79,7 @@ include $(BUILD_NATIVE_TEST)
 include $(CLEAR_VARS)
 LOCAL_MODULE := tlsdated
-LOCAL_INIT_RC := init/tlsdated.rc
+LOCAL_REQUIRED_MODULES := tlsdated.rc
 LOCAL_SRC_FILES := $(tlsdate_tlsdated_sources)
 LOCAL_CFLAGS := -DTLSDATED_MAIN
 LOCAL_SHARED_LIBRARIES := $(tlsdate_common_shared_libs)
@@ -95,3 +95,20 @@ LOCAL_SRC_FILES := \
 LOCAL_SHARED_LIBRARIES := $(tlsdate_common_shared_libs)
 $(eval $(tlsdate_common))
 include $(BUILD_NATIVE_TEST)
+
+
+ifdef INITRC_TEMPLATE
+include $(CLEAR_VARS)
+LOCAL_MODULE := tlsdated.rc
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_PATH := $(PRODUCT_OUT)/$(TARGET_COPY_OUT_INITRCD)
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+.PHONY: $(LOCAL_BUILT_MODULE)
+$(LOCAL_BUILT_MODULE): my_args := \ -v -l -s -- /system/bin/tlsdate -v -C /system/etc/security/cacerts -l
+$(LOCAL_BUILT_MODULE): my_groups := inet
+$(LOCAL_BUILT_MODULE): $(INITRC_TEMPLATE)
+ $(call generate-initrc-file,tlsdated,$(my_args),$(my_groups))
+endif
diff --git a/config.h b/config.h
index dc2838c..edb70d0 100644
--- a/config.h
+++ b/config.h
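Review bot: `LOCAL_REQUIRED_MODULES := tlsdated.rc` is unconditional, while the tlsdated.rc module it names is defined only under `ifdef INITRC_TEMPLATE` in the next hunk, so on a tree without the template the tlsdated module requires a module that never exists. Depending on the build's missing-dependency handling that is either a build error or, presumably, a tlsdated binary installed with no init script at all, which is harder to notice. Either guard the requirement the same way, or fail at parse time with a clear message placed before the module definition: `ifndef INITRC_TEMPLATE` / `$(error tlsdated needs INITRC_TEMPLATE to generate its init script)` / `endif`.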
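Review bot: `.PHONY: $(LOCAL_BUILT_MODULE)` marks the generated rc file, a real output, as phony, so it is rewritten on every build and the `$(INITRC_TEMPLATE)` prerequisite on the rule below never gates anything. If the intent is to pick up edits to my_args, drop the .PHONY line and make this makefile a prerequisite instead, e.g. `$(LOCAL_BUILT_MODULE): $(INITRC_TEMPLATE) $(LOCAL_PATH)/Android.mk` (assuming LOCAL_PATH is set at the top of the file as usual). The deleted init/tlsdated.rc carried `group system dbus inet` and `seclabel u:r:brillo:s0`, whereas the new rule passes only `inet`; whether generate-initrc-file supplies the SELinux label and whether dbus membership is still needed is not visible here, so a comment above the rule stating what the template is expected to emit (user, capabilities, label) would make the privilege change reviewable from this file alone.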
@@ -244,12 +244,12 @@
 /* Vendor of Target System */
 /* #undef TARGET_VENDOR */
-/* TODO Reserve proper unprivileged uid/gid for the helper. */
+/* TODO(b/23651876) Reserve proper unprivileged uid/gid for the helper. */
 /* Unprivileged group */
-#define UNPRIV_GROUP "nobody"
+#define UNPRIV_GROUP "inet"
 /* Unprivileged user */
-#define UNPRIV_USER "nobody"
+#define UNPRIV_USER "inet"
 /* if PolarSSL is enabled */
 /* #undef USE_POLARSSL */
diff --git a/init/tlsdated.rc b/init/tlsdated.rc
deleted file mode 100644
index b91b329..0000000
--- a/init/tlsdated.rc
+++ /dev/null
@@ -1,7 +0,0 @@
-# Init file for starting tlsdated on Android.
-service tlsdated /system/bin/tlsdated -v -l -s -- /system/bin/tlsdate -v -C /system/etc/security/cacerts -l
- class main
- # TODO(b/23601841) Use a lesser uid once CAP_SYS_TIME is enabled.
- user root
- group system dbus inet
- seclabel u:r:brillo:s0
-- 
cgit v1.2.3
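Review bot: The new `UNPRIV_USER`/`UNPRIV_GROUP` value reuses `inet`, which on Android is the group every process with network access holds, and the uid of the same name is not dedicated to this helper; the separation the helper drops into is therefore only as strong as the other holders of that identity, and the updated comment records the TODO but not this trade-off or why `inet` was chosen. Suggest widening the comment to: `/* TODO(b/23651876) Reserve proper unprivileged uid/gid for the helper. "inet" is reused only because the helper must connect a socket; it is a shared identity, so every other inet process is inside the helper's trust boundary. */`. The commit message already gives this reasoning, but it should live next to the define, since that is what the next person changing the value will read.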