Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e2b2996d authored by Nick Kralevich's avatar Nick Kralevich
Browse files

fs_config.c: remove setuid from procrank 

procrank only exists on userdebug/eng builds. For those builds,
procrank can be executed by running "su 0 procrank" instead of
relying on the binary being setuid root. This reduces the number
of setuid binaries on Android and allows for the deletion of
SELinux policy to support this.

Bug: 18342188
Change-Id: I982283f2e0f6fbe5efaffc08501c1ec175f65373
parent 1407b286

libcutils/fs_config.c

+1 −2
Original line number Original line Diff line number Diff line
@@ -126,11 +126,10 @@ static const struct fs_path_config android_files[] = { 
    { 00644, AID_SYSTEM,    AID_SYSTEM,    0, "data/app-private/*" },

    { 00644, AID_SYSTEM,    AID_SYSTEM,    0, "data/app-private/*" },

    { 00644, AID_APP,       AID_APP,       0, "data/data/*" },

    { 00644, AID_APP,       AID_APP,       0, "data/data/*" },





    /* the following five files are INTENTIONALLY set-uid, but they

    /* the following four files are INTENTIONALLY set-uid, but they

     * are NOT included on user builds. */

     * are NOT included on user builds. */

    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },

    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },

    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/librank" },

    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/librank" },

    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procrank" },

    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },

    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },

    { 04770, AID_ROOT,      AID_RADIO,     0, "system/bin/pppd-ril" },

    { 04770, AID_ROOT,      AID_RADIO,     0, "system/bin/pppd-ril" },