Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 841946be authored by Pete Bentley's avatar Pete Bentley Committed by Android Build Coastguard Worker
Browse files

Add AID for PRNG seeder daemon. 

Also adjust permissions on /dev/hw_random to allow prng_seeder group
read access.

Manual testing protocol:
* Verify prng_seeder daemon is running and has the
  correct label and uid/gid.
* Verify prng_seeder socket present and has correct
  label and permissions
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
  data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
  (e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance

Bug: 243933553
Test: Manual - see above
Change-Id: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
Merged-In: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
(cherry picked from commit 6cb61610)
(cherry picked from commit 046a809a)
Merged-In: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
parent ec18f508
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment