installd: reduce privileges.

Make installd run with fewer privileges. This will help make
exploitation of installd based vulnerabilities more difficult
to perform.

installd now runs with the following privileges:

* CAP_DAC_OVERRIDE
* CAP_CHOWN

These two capabilities are needed to add and remove files
from application's home directories.

* CAP_SETUID
* CAP_SETGID

These permissions are needed to further drop privileges when
running dexopt as the application UID.

"installd" no longer runs with full root privileges.  It cannot,
for example, mount and unmount filesystems, install modules,
perform direct I/O, etc.

Change-Id: Ib407e41e5e4c95f35a5c6a154812c5e8ae3006ed

0 files changed, 0 insertions, 0 deletions