Gitiles
Code Review Sign In
review.blissroms.org / platform_system_netd / ab3df62f7b5584af6dee4f5ec069b70dd4f4cee6
commitab3df62f7b5584af6dee4f5ec069b70dd4f4cee6[log] [tgz]
authorNick Kralevich <nnk@google.com>Wed Jun 19 17:20:24 2013 -0700
committerNick Kralevich <nnk@google.com>Wed Jun 19 17:23:14 2013 -0700
tree5677af11080496520b9780db6b469eedc41f7b5d
parent3911886e854d31058e7d3a6e310e8eafd06c02e0 [diff]
netd: reduce privileges

netd doesn't need full root capabilities. Rather, it only needs
CAP_NET_ADMIN and CAP_NET_RAW. Reduce the capabilities to that
set.

netd continues to run with UID=0, which allows applications spawned
by netd to continue to have CAP_NET_ADMIN and CAP_NET_RAW. It also
allows netd to access /proc and /sys files as UID=0.

Change-Id: I439d22150109697213c0cc83276ddb668007b978
1 file changed
tree: 5677af11080496520b9780db6b469eedc41f7b5d
  1. Android.mk
  2. BandwidthController.cpp
  3. BandwidthController.h
  4. ClatdController.cpp
  5. ClatdController.h
  6. CleanSpec.mk
  7. CommandListener.cpp
  8. CommandListener.h
  9. DnsProxyListener.cpp
  10. DnsProxyListener.h
  11. FirewallController.cpp
  12. FirewallController.h
  13. IdletimerController.cpp
  14. IdletimerController.h
  15. InterfaceController.cpp
  16. InterfaceController.h
  17. List.h
  18. logwrapper.c
  19. main.cpp
  20. MDnsSdListener.cpp
  21. MDnsSdListener.h
  22. NatController.cpp
  23. NatController.h
  24. ndc.c
  25. NetdCommand.cpp
  26. NetdCommand.h
  27. NetdConstants.cpp
  28. NetdConstants.h
  29. NetlinkHandler.cpp
  30. NetlinkHandler.h
  31. NetlinkManager.cpp
  32. NetlinkManager.h
  33. oem_iptables_hook.cpp
  34. oem_iptables_hook.h
  35. PppController.cpp
  36. PppController.h
  37. ResolverController.cpp
  38. ResolverController.h
  39. ResponseCode.h
  40. SecondaryTableController.cpp
  41. SecondaryTableController.h
  42. SoftapController.cpp
  43. SoftapController.h
  44. TetherController.cpp
  45. TetherController.h
  46. ThrottleController.cpp
  47. ThrottleController.h