author | Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> | 2024-02-27 15:50:00 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2024-02-27 15:50:00 +0000 |
commit | 94646d7d190918036401fd4d63b44a9d357bc7d1 (patch) | |
tree | 9a2f88024bb5011f5353286e1532f838c6baee0c | |
parent | cbae97c988c298303d9f094133182fc63b31e399 (diff) | |
parent | c8e0cac0145fc3b5647f37d46a3d84d8ae68b297 (diff) | |
download | security-94646d7d190918036401fd4d63b44a9d357bc7d1.tar.gz |
Merge "Grant SYS_NICE for odsign" into main
-rw-r--r-- | ondevice-signing/odsign.rc | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/ondevice-signing/odsign.rc b/ondevice-signing/odsign.rc index b96c62ff..b95cf9db 100644 --- a/ondevice-signing/odsign.rc +++ b/ondevice-signing/odsign.rc @@ -3,13 +3,10 @@ service odsign /system/bin/odsign user root group system disabled # does not start with the core class - # Explicitly specify empty capabilities, otherwise odsign will inherit all - # the capabilities from init. - # Note: whether a process can use capabilities is controlled by SELinux, so - # inheriting all the capabilities from init is not a security issue. - # However, for defense-in-depth and just for the sake of bookkeeping it's - # better to explicitly state that odsign doesn't need any capabilities. - capabilities + # We need SYS_NICE in order to allow the crosvm child process to use it. + # (b/322197421). odsign itself never uses it (and isn't allowed to by + # SELinux). + capabilities SYS_NICE # Note that odsign is not oneshot, but stopped manually when it exits. This # ensures that if odsign crashes during a module update, apexd will detect |
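Review bot: The new comment above `capabilities SYS_NICE` leaves SELinux as the only control that keeps odsign itself from using the capability, which gives up the defense-in-depth position the removed comment described, yet it does not say why the crosvm child needs SYS_NICE or where the SELinux restriction on odsign is defined. Suggest expanding the comment to state what crosvm does with the capability (the reason is currently reachable only through b/322197421) and to name the policy that denies it to odsign, so a later reader can check both halves of the claim. Minor style point: "(b/322197421)." dangles as its own fragment after the first sentence's period, and "to use it" has an unclear antecedent; fold the bug reference into the first sentence and write "to use SYS_NICE".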