Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a2ceaf6b authored by Robert Sesek's avatar Robert Sesek
Browse files

Add fs_config entries for the webview_zygote. 

The webview_zygote is a non-root zygote process that creates isolated_app
children for rendering web content. It needs:
- CAP_SETUID and CAP_SETGID to change the UID of the new child process.
- CAP_SETPCAP to clear the capability bounding set after forking.

Test: m
Test: angler boots

Bug: 21643067
Change-Id: I986fa04be54e812f5dd2afa14e5d2d3e474e2b10
parent b5ce6f02

libcutils/fs_config.c

+8 −0
Original line number Diff line number Diff line
@@ -149,6 +149,14 @@ static const struct fs_path_config android_files[] = { 
    /* Support wifi_hal_legacy administering a network interface. */

    { 00755, AID_WIFI,      AID_WIFI,     CAP_MASK_LONG(CAP_NET_ADMIN) | CAP_MASK_LONG(CAP_NET_RAW),    "system/bin/hw/android.hardware.wifi@1.0-service" },



    /* A non-privileged zygote that spawns isolated processes for web rendering. */

    { 0750,  AID_ROOT,      AID_ROOT,      CAP_MASK_LONG(CAP_SETUID) |

                                           CAP_MASK_LONG(CAP_SETGID) |

                                           CAP_MASK_LONG(CAP_SETPCAP), "system/bin/webview_zygote32" },

    { 0750,  AID_ROOT,      AID_ROOT,      CAP_MASK_LONG(CAP_SETUID) |

                                           CAP_MASK_LONG(CAP_SETGID) |

                                           CAP_MASK_LONG(CAP_SETPCAP), "system/bin/webview_zygote64" },



    { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/uncrypt" },

    { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/install-recovery.sh" },

    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/*" },