Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 3a8e6944 authored by John Stultz's avatar John Stultz Committed by Amit Pundir
Browse files

ANDROID: net: paranoid: commoncap: Begin to warn users of implicit... 


ANDROID: net: paranoid: commoncap: Begin to warn users of implicit PARANOID_NETWORK capability grants

CAP_NET_ADMIN and CAP_NET_RAW are implicity granted to the "special"
Android groups net_admin and net_raw.

This is a byproduct of the init system not being able to specify
capabilities back in the day, but has now been resolved and .rc files
can explictly specify the capabilities to be granted to a service.

Thus, we should start to remove this implict capability grant, and the
first step is to warn when a process doesn't have explicit capablity
but is a member of the implicitly granted group, when that capability
is checked.

This will allow for the PARANOID_NETWORK checks in commoncap.c to
be totally removed in a future kernel.

Change-Id: I6dac90e23608b6dba14a8f2049ba29ae56cb7ae4
Signed-off-by: default avatarJohn Stultz <john.stultz@linaro.org>
parent 135cc551
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment