| author | JP Abgrall <jpa@google.com> | 2013-01-04 14:34:58 -0800 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2013-01-04 15:31:20 -0800 |
| commit | 3e54aabc63535572242477fadbf13ec42b06649e (patch) | |
| tree | 54638267f806efaa9175e15b2eccfc53ab1b28e6 /rootdir | |
| parent | d084ec96b6b9cde311a4283a5f9121a1034de166 (diff) | |

init.rc: setup qtaguid group ownership of ctrl and stat files

This will help get rid of android_aid.h in the kernel.
The group of the proc entries will be used in place of the default
values picked up by the xt_qtaguid netfilter module
(AID_NET_BW_STATS, AID_NET_BW_ACCT).
This change has no effect until the matching kernel changes are submitted.

Change-Id: I3c177e7b5caf9c59300eba6bd4a976634b333674

Diffstat (limited to 'rootdir')
| -rw-r--r-- | rootdir/init.rc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc index a76602c..5205200 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -120,6 +120,12 @@ loglevel 3 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000 +# qtaguid will limit access to specific data based on group memberships. +# net_bw_acct grants impersonation of socket owners. +# net_bw_stats grants access to other apps' detailed tagged-socket stats. + chown root net_bw_acct /proc/net/xt_qtaguid/ctrl + chown root net_bw_stats /proc/net/xt_qtaguid/stats + # Allow everybody to read the xt_qtaguid resource tracking misc dev. # This is needed by any process that uses socket tagging. chmod 0644 /dev/xt_qtaguid |
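
Review bot: The two added chown lines change only the group of /proc/net/xt_qtaguid/ctrl and /proc/net/xt_qtaguid/stats and leave their modes to whatever the xt_qtaguid module creates them with, so the comment's claim that access is limited by group membership rests on permissions this hunk neither sets nor documents. Consider adding an explicit chmod for each entry, as the existing `chmod 0644 /dev/xt_qtaguid` context line does for the misc device, or extending the comment to state the expected mode and to note that the group has no effect until the matching kernel change reads it. The comment would also be easier to audit if it tied each group to its file (net_bw_acct to ctrl, net_bw_stats to stats), since net_bw_acct is described as granting impersonation of socket owners and is the more sensitive of the two.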
