commit | fe8135739c5a9195e74786205c077964ba4f9c44 | [log] [tgz] |
---|---|---|
author | Nick Kralevich <nnk@google.com> | Mon Feb 11 15:14:55 2013 -0800 |
committer | Nick Kralevich <nnk@google.com> | Fri Mar 01 13:18:41 2013 -0800 |
tree | 348c4ca3d27cd7a8f815e3c85a300365adc7b5bb | |
parent | cc4499b6fa9ad4cbe285d78754edcb6dd30ab893 [diff] |
android_filesystem_config.h: change ping and run-as /system/bin/ping no longer requires CAP_NET_RAW, as we're now using IPPROTO_ICMP. Please see the following for more details: * http://lwn.net/Articles/443051/ * https://android-review.googlesource.com/52090 * https://android-review.googlesource.com/52072 We can now make ping a normal, unprivileged program. /system/bin/run-as only requires CAP_SETUID and CAP_SETGID. Explicitly set the capabilities of this file, and remove the setuid bit. This is equivalent to running the following commands: * chmod 750 /system/bin/run-as * chown root:shell /system/bin/run-as * setcap cap_setgid,cap_setuid+ep /system/bin/run-as Change-Id: I65df858b45e6de4e2190ac9d6d592c06ea9d28cf