Gitiles
Code Review Sign In
review.blissroms.org / platform_system_netd / 661654739d1b73a8054de7002e88ce8961ee74f5
commit661654739d1b73a8054de7002e88ce8961ee74f5[log] [tgz]
authorChenbo Feng <fengc@google.com>Mon Jul 23 19:05:56 2018 -0700
committerChenbo Feng <fengc@google.com>Tue Jul 31 12:36:47 2018 -0700
tree95b7017009125d431325b7449d2c2dc8784360f4
parentbdce8eb59d79ed53be0aaac0432492eee39aed4d [diff]
Check netutils_wrapper don't use file capabilities

The netutils_wrapper is called by a variety of vendor processes. If the
netutils_wrapper is granted CAP_NET_ADMIN by filesystem capabilities, it
may also grant such capability to all vendor domains that run this
executable. To prevent that, adding a test to make sure the
netutils_wrapper binary doesn't have filesystem capabilities setup.

Bug: 72644927
Test: atest netd_integration_test
Change-Id: I856b0782bcb3f84be2925c995a6f8b64d16ffe33
2 files changed
tree: 95b7017009125d431325b7449d2c2dc8784360f4
  1. bpfloader/
  2. client/
  3. include/
  4. libbpf/
  5. libnetdutils/
  6. netutils_wrappers/
  7. server/
  8. tests/
  9. .clang-format
  10. .editorconfig
  11. Android.bp
  12. MODULE_LICENSE_APACHE2
  13. NOTICE
  14. OWNERS
  15. PREUPLOAD.cfg