dumpstate: call su before executing librank

librank uses /proc/PID/pagemap. Rather than granting dumpstate
CAP_SYS_ADMIN, have librank run from the SU domain.

Addresses the following denial:

  avc: denied { sys_admin } for pid=6442 comm="librank" capability=21 scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=capability permissive=0

This also allows us to remove the setuid bit from librank,
which will be done in a different commit.

Bug: 25739721
Change-Id: Ibf20d67dbe01b95e5cbb860a7e0eb767b8beb74a
1 file changed
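
The denial quoted in the commit message can be decoded field by field to show which domain asked for which capability. The sketch below is an added example, not code from the commit or the project. The function names `parse_avc` and `is_self_capability_denial` are hypothetical, and the capability table is a small subset of the numbers in `<linux/capability.h>`.

```python
import re

# Subset of Linux capability numbers from <linux/capability.h>.
CAP_NAMES = {
    0: "CAP_CHOWN",
    1: "CAP_DAC_OVERRIDE",
    2: "CAP_DAC_READ_SEARCH",
    12: "CAP_NET_ADMIN",
    19: "CAP_SYS_PTRACE",
    21: "CAP_SYS_ADMIN",
}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)"
)

# The denial line as quoted in the commit message.
SAMPLE = (
    'avc: denied { sys_admin } for pid=6442 comm="librank" capability=21 '
    "scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 "
    "tclass=capability permissive=0"
)

def parse_avc(line):
    """Return a dict of the denial's fields, or None if it is not a denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("fields")):
        rec[key] = value.strip('"')
    # An SELinux context is user:role:type:level; the type is the domain.
    for ctx in ("scontext", "tcontext"):
        parts = rec.get(ctx, "").split(":")
        if len(parts) >= 3:
            rec[ctx + "_type"] = parts[2]
    if rec.get("tclass") == "capability" and "capability" in rec:
        num = int(rec["capability"])
        rec["capability_name"] = CAP_NAMES.get(num, "CAP_%d" % num)
    return rec

def is_self_capability_denial(rec):
    """True when a domain was denied a capability on itself, as in SAMPLE."""
    return (rec is not None and rec.get("tclass") == "capability"
            and rec.get("scontext") == rec.get("tcontext"))

if __name__ == "__main__":
    r = parse_avc(SAMPLE)
    print(r["comm"], r["scontext_type"], r["capability_name"], r["permissive"])
```
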