Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit b82c925d authored by Nick Kralevich's avatar Nick Kralevich
Browse files

dumpstate: call su before executing librank 

librank uses /proc/PID/pagemap . Rather than granting dumpstate
CAP_SYS_ADMIN, have librank run from the SU domain.

Addresses the following denial:

  avc: denied { sys_admin } for pid=6442 comm="librank" capability=21 scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=capability permissive=0

This also allows us to remove the setuid bit from librank,
which will be done in a different commit.

Bug: 25739721
Change-Id: Ibf20d67dbe01b95e5cbb860a7e0eb767b8beb74a
parent afc0f555
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment