author | David Dai <davidai@google.com> | 2024-02-26 15:54:06 -0800 |
---|---|---|
committer | David Dai <davidai@google.com> | 2024-02-26 15:58:02 -0800 |
commit | c8e0cac0145fc3b5647f37d46a3d84d8ae68b297 (patch) | |
tree | d990bdc2e63ff913d760fe698824df9a960a3d65 | |
parent | 3dfac147870293dd3502f6bc7db4c0154cdc7087 (diff) | |

Grant SYS_NICE for odsign

Grant sys_nice capabilities to odsign so that it can spawn
VMs with sys_nice enabled which is used by compos_verify.

Bug:326557850
Test: atest odsign_e2e_tests_full
Change-Id: I9f502b997123faf9bc5a8e04f416726ea8001e41
Signed-off-by: David Dai <davidai@google.com>

-rw-r--r-- | ondevice-signing/odsign.rc | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/ondevice-signing/odsign.rc b/ondevice-signing/odsign.rc index b96c62ff..b95cf9db 100644 --- a/ondevice-signing/odsign.rc +++ b/ondevice-signing/odsign.rc @@ -3,13 +3,10 @@ service odsign /system/bin/odsign user root group system disabled # does not start with the core class - # Explicitly specify empty capabilities, otherwise odsign will inherit all - # the capabilities from init. - # Note: whether a process can use capabilities is controlled by SELinux, so - # inheriting all the capabilities from init is not a security issue. - # However, for defense-in-depth and just for the sake of bookkeeping it's - # better to explicitly state that odsign doesn't need any capabilities. - capabilities + # We need SYS_NICE in order to allow the crosvm child process to use it. + # (b/322197421). odsign itself never uses it (and isn't allowed to by + # SELinux). + capabilities SYS_NICE # Note that odsign is not oneshot, but stopped manually when it exits. This # ensures that if odsign crashes during a module update, apexd will detect |
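
Review bot: The new comment above `capabilities SYS_NICE` drops the one fact from the removed block that still matters after this change: without an explicit `capabilities` line, odsign inherits all capabilities from init. Keep a sentence to that effect, so that a later cleanup which no longer needs SYS_NICE restores the empty `capabilities` line instead of deleting the line and silently widening the set. The comment also rests the safety argument on "isn't allowed to by SELinux", but this patch touches only `odsign.rc`, so nothing in the diff shows that restriction; naming the policy file or the rule that denies sys_nice to the odsign domain would make the claim checkable from the comment. Finally, the comment cites b/322197421 while the commit message cites Bug:326557850; if both are intended, say in the commit message how they relate, otherwise align them.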