From e79310eb7fe1402aecfe12016d855ba24cb9b8b1 Mon Sep 17 00:00:00 2001
From: JP Abgrall
Date: Fri, 4 Jan 2013 14:34:58 -0800
Subject: init.rc: setup qtaguid group ownership of ctrl and stat files

This will help get rid of android_aid.h in the kernel. The group of the proc entries will be used in place of the default values picked up by the xt_qtaguid netfilter module (AID_NET_BW_STATS, AID_NET_BW_ACCT). This change has no effect until the matching kernel changes are submitted.

Change-Id: I3c177e7b5caf9c59300eba6bd4a976634b333674
---
 rootdir/init.rc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index ec14c5e..0bbb12f 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -129,6 +129,12 @@ loglevel 3
 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
 
+# qtaguid will limit access to specific data based on group memberships.
+# net_bw_acct grants impersonation of socket owners.
+# net_bw_stats grants access to other apps' detailed tagged-socket stats.
+ chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
+ chown root net_bw_stats /proc/net/xt_qtaguid/stats
+
 # Allow everybody to read the xt_qtaguid resource tracking misc dev.
 # This is needed by any process that uses socket tagging.
 chmod 0644 /dev/xt_qtaguid
-- 
cgit v1.1
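Review bot: The comment added above the two `chown` lines says what each group grants, but not that the group of the proc entry is itself what xt_qtaguid will consult, which the commit message gives as the purpose of the change. I would add a line such as `# The kernel module takes the group of these files as the authorised gid; do not re-chown them elsewhere.` so a later edit does not unintentionally widen who can impersonate socket owners. The hunk sets owner and group only, so the permission bits stay whatever the module creates the entries with; that should be confirmed against the matching kernel change. The enclosing trigger section starts outside the hunk, so whether `/proc/net/xt_qtaguid/` already exists when these lines run cannot be checked from here.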