authorJin Qian2017-02-10 20:29:35 -0600
committerJin Qian2017-02-10 20:33:13 -0600
commit821eb0d007f4a48a2cf97f365c7f21801dc14031 (patch)
tree3010a54a5e2ad4242817874197521e0ba2196da8 /storaged
parentdd41d6b17115f5592f184b17351383c1b06d6336 (diff)
storaged: fix selinux dac_override denial
Bug: 35250057 Bug: 34198239 Change-Id: I18592d298765dc46ab05f25ae2ced0a5eddacc8b
Diffstat (limited to 'storaged')
-rw-r--r--storaged/Android.mk1
-rw-r--r--storaged/main.cpp26
-rw-r--r--storaged/storaged.rc2
3 files changed, 2 insertions, 27 deletions
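--- a/storaged/Android.mk
+++ b/storaged/Android.mk
@@ -9,7 +9,6 @@ LIBSTORAGED_SHARED_LIBRARIES := \
 libcutils \
 liblog \
 libsysutils \
-libcap \
 libpackagelistparser \
 libbatteryservice \
 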
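--- a/storaged/main.cpp
+++ b/storaged/main.cpp
@@ -55,32 +55,6 @@ static int drop_privs() {
 
 if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) return -1;
 
-if (prctl(PR_SET_KEEPCAPS, 1) < 0) return -1;
-
-std::unique_ptr<struct _cap_struct, int(*)(void *)> caps(cap_init(), cap_free);
-if (cap_clear(caps.get()) < 0) return -1;
-cap_value_t cap_value[] = {
-CAP_SETGID,
-CAP_SETUID
-};
-if (cap_set_flag(caps.get(), CAP_PERMITTED,
-arraysize(cap_value), cap_value,
-CAP_SET) < 0) return -1;
-if (cap_set_flag(caps.get(), CAP_EFFECTIVE,
-arraysize(cap_value), cap_value,
-CAP_SET) < 0) return -1;
-if (cap_set_proc(caps.get()) < 0)
-return -1;
-
-if (setgid(AID_SYSTEM) != 0) return -1;
-
-if (setuid(AID_SYSTEM) != 0) return -1;
-
-if (cap_set_flag(caps.get(), CAP_PERMITTED, 2, cap_value, CAP_CLEAR) < 0) return -1;
-if (cap_set_flag(caps.get(), CAP_EFFECTIVE, 2, cap_value, CAP_CLEAR) < 0) return -1;
-if (cap_set_proc(caps.get()) < 0)
-return -1;
-
 return 0;
 }
 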
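--- a/storaged/storaged.rc
+++ b/storaged/storaged.rc
@@ -2,3 +2,5 @@ service storaged /system/bin/storaged
 class main
 file /d/mmc0/mmc0:0001/ext_csd r
 writepid /dev/cpuset/system-background/tasks
+user root
+group system package_info
\ No newline at end of file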
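Review bot: The added `user root` line leaves storaged at uid 0 for its whole lifetime, and with the `setgid(AID_SYSTEM)`/`setuid(AID_SYSTEM)` calls and the capability clearing removed from drop_privs() in main.cpp by this same commit, nothing visible here narrows its privileges after start-up. If root is needed only to get past DAC checks on the files the daemon reads (inferred from the dac_override denial named in the title), bounding the service with init's `capabilities` option, listing only the capabilities storaged actually uses, would keep the impact of a bug in the daemon closer to what it was under AID_SYSTEM. A comment above the line such as `# runs as root: <reason>; confined by its SELinux domain` would record why the change was made. In the lines shown, drop_privs() now only sets the scheduling priority (its start is outside the hunk), so renaming it or saying so in a comment would avoid implying a privilege drop that no longer happens.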