Commit ebc0e20d authored Dec 08, 2023 by Maciej Żenczykowski

grant CAP_WAKE_ALARM to AID_NETWORK_STACK

It is effectively an oversight that bluetooth has this
but network stack does not.

This prevents the network stack process from (for example)
using timerfd_create with CLOCK_{REAL,BOOT}TIME_ALARM,
without trampolining through parts of the mainline module
which are shipped as part of the system server.

See:
  https://man7.org/linux/man-pages/man2/timerfd_create.2.html

This change presumably depends on
https://android-review.googlesource.com/c/platform/system/sepolicy/+/2863215



Bug: 316171727
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I3198262bc45cdd894fead211e9c3c6215dae71de

parent fccb9233

core/jni/com_android_internal_os_Zygote.cpp

+1 −0

Original line number	Diff line number	Diff line
		@@ -2050,6 +2050,7 @@ static jlong CalculateCapabilities(JNIEnv* env, jint uid, jint gid, jintArray gi
		}

		if (multiuser_get_app_id(uid) == AID_NETWORK_STACK) {
		capabilities \|= (1LL << CAP_WAKE_ALARM);
		capabilities \|= (1LL << CAP_NET_ADMIN);
		capabilities \|= (1LL << CAP_NET_BROADCAST);
		capabilities \|= (1LL << CAP_NET_BIND_SERVICE);