Add more first-party Brillo system users. (1c13c3d3) · Commits · e / os / android_system_core

Brillo is converging on a set of mandatory system services to be included in all Brillo builds. We'd like these services to run as separate users just like other native Android/Brillo system services. Add users for these services: -Firewalld: Brillo has more granular firewall requirements (think e.g. Brillo-powered router.) Firewalld exposes a (currently) D-Bus/ (soon to be) Binder API to broker access to IPTables rules. -Trunksd: Some Brillo product configs will require TPMs. Trunksd manages TPMs in Chrome OS and Brillo. Bug: 27299198 Change-Id: Ibe3303acdd9398ea52da0a37dbef73e5c5a948f7

include/private/android_filesystem_config.h

+4 −0

Original line number	Diff line number	Diff line
		@@ -89,6 +89,8 @@
		#define AID_DEBUGGERD 1045 /* debuggerd unprivileged user */
		#define AID_MEDIA_CODEC 1046 /* mediacodec process */
		#define AID_CAMERASERVER 1047 /* cameraserver process */
		#define AID_FIREWALL 1048 /* firewalld process */
		#define AID_TRUNKS 1049 /* trunksd process (TPM daemon) */

		#define AID_SHELL 2000 /* adb and debug shell user */
		#define AID_CACHE 2001 /* cache access */
		@@ -196,6 +198,8 @@ static const struct android_id_info android_ids[] = {
		{ "debuggerd", AID_DEBUGGERD, },
		{ "mediacodec", AID_MEDIA_CODEC, },
		{ "cameraserver", AID_CAMERASERVER, },
		{ "firewall", AID_FIREWALL, },
		{ "trunks", AID_TRUNKS, },

		{ "shell", AID_SHELL, },
		{ "cache", AID_CACHE, },