authorJP Abgrall <jpa@google.com>2013-01-04 14:34:58 -0800
committerdhacker29 <davidhackerdvm@gmail.com>2013-05-20 23:54:01 -0500
commite79310eb7fe1402aecfe12016d855ba24cb9b8b1 (patch)
tree85c9765726146e6bc385b02d4a7d482c979d84b7
parentddca232a18c3d80168639691584752d796d3e5eb (diff)
init.rc: setup qtaguid group ownership of ctrl and stat files
This will help get rid of android_aid.h in the kernel. The group of the proc entries will be used in place of the default values picked up by the xt_qtaguid netfilter module (AID_NET_BW_STATS, AID_NET_BW_ACCT). This change has no effect until the matching kernel changes are submitted. Change-Id: I3c177e7b5caf9c59300eba6bd4a976634b333674
-rw-r--r--rootdir/init.rc6
1 files changed, 6 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index ec14c5e..0bbb12f 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -129,6 +129,12 @@ loglevel 3
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
+# qtaguid will limit access to specific data based on group memberships.
+# net_bw_acct grants impersonation of socket owners.
+# net_bw_stats grants access to other apps' detailed tagged-socket stats.
+ chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
+ chown root net_bw_stats /proc/net/xt_qtaguid/stats
+
# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
chmod 0644 /dev/xt_qtaguid