Add more first-party Brillo system users.

Brillo is converging on a set of mandatory system services to be
included in all Brillo builds. We'd like these services to run as
separate users just like other native Android/Brillo system services.

Add users for these services:
- Firewalld: Brillo has more granular firewall requirements (think e.g.
  Brillo-powered router.) Firewalld exposes a (currently) D-Bus/
  (soon to be) Binder API to broker access to IPTables rules.
- Trunksd: Some Brillo product configs will require TPMs. Trunksd
  manages TPMs in Chrome OS and Brillo.

Bug: 27299198
Change-Id: Ibe3303acdd9398ea52da0a37dbef73e5c5a948f7
diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h
index c220a0c..6232f72 100644
--- a/include/private/android_filesystem_config.h
+++ b/include/private/android_filesystem_config.h
@@ -89,6 +89,8 @@
#define AID_DEBUGGERD 1045 /* debuggerd unprivileged user */
#define AID_MEDIA_CODEC 1046 /* mediacodec process */
#define AID_CAMERASERVER 1047 /* cameraserver process */
+#define AID_FIREWALL 1048 /* firewalld process */
+#define AID_TRUNKS 1049 /* trunksd process (TPM daemon) */
#define AID_SHELL 2000 /* adb and debug shell user */
#define AID_CACHE 2001 /* cache access */
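Review bot: The comments on the two added defines (AID_FIREWALL, AID_TRUNKS) name only the process, yet 1048 and 1049 continue the same sequence as the core daemons above them in this shared header. Say in each comment that the service is Brillo-specific and what the user is meant to own, as the commit message does (firewalld brokers access to iptables rules, trunksd manages the TPM), so that a later reader can tell which resources should be restricted to these UIDs and that the IDs are not free for reuse.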
@@ -196,6 +198,8 @@
{ "debuggerd", AID_DEBUGGERD, },
{ "mediacodec", AID_MEDIA_CODEC, },
{ "cameraserver", AID_CAMERASERVER, },
+ { "firewall", AID_FIREWALL, },
+ { "trunks", AID_TRUNKS, },
{ "shell", AID_SHELL, },
{ "cache", AID_CACHE, },
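Review bot: The name strings "firewall" and "trunks" in the two added table entries drop the trailing "d" of the daemons they are for (firewalld, trunksd), while the neighbouring "debuggerd" entry keeps the daemon name unchanged. These strings are what a lookup by name resolves, so please confirm the shortened form is intended and state the user-to-daemon mapping in the commit message, so that anything referring to the users by name picks "firewall" and "trunks" rather than the daemon names.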