commit 211a5bc5d214229e31006c927ab228e48a0bcb7e
author Treehugger Robot <treehugger-gerrit@google.com> Thu Nov 03 18:08:54 2016 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Nov 03 18:08:55 2016 +0000
tree 4caafdbe6521fd2c4d4b343c3492240c68706839
parent a795f0b6cb80880eb9c979cc10cd0f5b0ee09677
parent de274a9b401135b14b869de377ee354f89e4de7a

Merge "give zygote AID_READPROC"

adb/file_sync_service.cpp

diff --git a/adb/file_sync_service.cpp b/adb/file_sync_service.cpp
index 837902a..7a92d2e 100644
--- a/adb/file_sync_service.cpp
+++ b/adb/file_sync_service.cpp
@@ -198,11 +198,6 @@
         // Ignore the result of calling fchmod. It's not supported
         // by all filesystems, so we don't check for success. b/12441485
         fchmod(fd, mode);
-
-        if (!update_capabilities(path, capabilities)) {
-            SendSyncFailErrno(s, "update_capabilities failed");
-            goto fail;
-        }
     }
 
     while (true) {
@@ -232,6 +227,11 @@
 
     adb_close(fd);
 
+    if (!update_capabilities(path, capabilities)) {
+        SendSyncFailErrno(s, "update_capabilities failed");
+        goto fail;
+    }
+
     utimbuf u;
     u.actime = timestamp;
     u.modtime = timestamp;

libcutils/fs_config.c

diff --git a/libcutils/fs_config.c b/libcutils/fs_config.c
index 9908637..3c3ceb4 100644
--- a/libcutils/fs_config.c
+++ b/libcutils/fs_config.c
@@ -149,6 +149,14 @@
     /* Support wifi_hal_legacy administering a network interface. */
     { 00755, AID_WIFI,      AID_WIFI,     CAP_MASK_LONG(CAP_NET_ADMIN) | CAP_MASK_LONG(CAP_NET_RAW),    "system/bin/hw/android.hardware.wifi@1.0-service" },
 
+    /* A non-privileged zygote that spawns isolated processes for web rendering. */
+    { 0750,  AID_ROOT,      AID_ROOT,      CAP_MASK_LONG(CAP_SETUID) |
+                                           CAP_MASK_LONG(CAP_SETGID) |
+                                           CAP_MASK_LONG(CAP_SETPCAP), "system/bin/webview_zygote32" },
+    { 0750,  AID_ROOT,      AID_ROOT,      CAP_MASK_LONG(CAP_SETUID) |
+                                           CAP_MASK_LONG(CAP_SETGID) |
+                                           CAP_MASK_LONG(CAP_SETPCAP), "system/bin/webview_zygote64" },
+
     { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/uncrypt" },
     { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/install-recovery.sh" },
     { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/*" },

rootdir/init.rc

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 50ee110..e8b1882 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -647,13 +647,3 @@
 service flash_recovery /system/bin/install-recovery.sh
     class main
     oneshot
-
-service hwservicemanager /system/bin/hwservicemanager
-    user system
-    disabled
-    group system readproc
-    critical
-    writepid /dev/cpuset/system-background/tasks
-
-on property:hwservicemanager.ready=true
-    class_start hal