There's already some preliminary support for adding capabilities to files
in Android 4.3.  See, for example:

Modify /system/bin/run-as from setuid-root to CAP_SETUID/CAP_SETGID
https://android-review.googlesource.com/51945

Support setting file capabilities at ext4 creation time.
https://android-review.googlesource.com/51944

However, the current patches unconditionally set VFS_CAP_FLAGS_EFFECTIVE
and always clear the inheritable bits (i.e., "setcap capability=pe"), so they
may not be appropriate for passing capabilities from init to child
processes.  Supporting something like "setcap capability=p" or "setcap
capability=pi" shouldn't be too difficult to add.

-- Nick


On Sun, Sep 29, 2013 at 9:32 PM, Fei Yang <phar...@gmail.com> wrote:

> I did create a patch to implement the capability option, however it
> doesn't work because services are eventually started by an execve() call,
> which wipes out all capabilities. In order to preserve the capabilities
> across the execve() call, it looks like a much larger change is required to add
> file capabilities for the executable files. It would be great if anyone knows
> an elegant way to solve this issue.
>
>
> On Sun, Sep 29, 2013 at 1:03 PM, Glenn Kasten <gkas...@android.com> wrote:
>
>> init appears to have a capability option which I assume was intended to
>> allow this, but it doesn't look like it was ever implemented.
>>
>> In a private communication with another developer, that person expressed
>> reluctance to allow this feature for fear of it being used inappropriately.
>>
>> However if you are still really interested you could propose it on
>> android-contrib@ and/or upload a CL to system/core.  I'm not sure it
>> would be approved; it may be worth a try.
>>
>> A workaround of course is to run it as root, then it immediately drops
>> its capabilities and uid.
>>
>>
>> On Friday, September 27, 2013 6:07:22 PM UTC-7, Fei Yang wrote:
>>>
>>> I want to enable some capabilities for a particular service started by
>>> Android init. However, all thread capabilities are cleared after execve().
>>> And it seems like the kernel determines thread capabilities in conjunction with
>>> file capabilities; since the file doesn't have the capability attribute set,
>>> the thread ends up with no capabilities set at all.
>>> Does anyone know if it's possible at all to start a service with some
>>> capabilities inherited after execve()?
>>> Any idea is appreciated.
>>>
>>> -Fei
>>>
>>  --
>> --
>> unsubscribe: android-kernel+unsubscr...@googlegroups.com
>> website: http://groups.google.com/group/android-kernel
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Android Linux Kernel Development" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to android-kernel+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>



-- 
Nick Kralevich | Android Security | n...@google.com | 650.214.4037
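The behaviour the thread is circling (capabilities vanish on execve() unless the file carries a security.capability xattr, "=pe" ignores what init passes, "=i" is gated on the parent's inheritable set, and running as root sidesteps the xattr entirely) follows from the kernel's exec transformation rules. The model below is an added illustration for this thread, not code from Android, init, or the CLs linked above; it encodes the pre-ambient rules from security/commoncap.c with SECURE_NOROOT off, uses the capability numbers from include/uapi/linux/capability.h, and the "init-like" parent and the scenarios are constructed values.

```c
/* Model of the capability transformation a 3.x Linux kernel (the Android
 * 4.3 era, before ambient capabilities) applies on execve(2).  Added
 * illustration for this thread; not code from Android, init or the CLs
 * linked above.  Scenario values are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t capset_t;                  /* one bit per capability number */
#define CAP_BIT(n) ((capset_t)1 << (n))
#define CAP_ALL    (~(capset_t)0)

/* Capability numbers as defined in include/uapi/linux/capability.h */
#define CAP_SETGID    6
#define CAP_SETUID    7
#define CAP_NET_ADMIN 12

struct task_caps {
    capset_t bounding;      /* bset: ceiling on what any exec can grant */
    capset_t inheritable;
    capset_t permitted;
    capset_t effective;
};

/* Contents of the security.capability xattr: setcap "=p" fills permitted,
 * "=i" inheritable, and "e" is the single VFS_CAP_FLAGS_EFFECTIVE flag. */
struct file_caps {
    capset_t permitted;
    capset_t inheritable;
    bool     effective_flag;
};

/* Rules from security/commoncap.c (cap_bprm_set_creds), SECURE_NOROOT off:
 *   P' = (F.inheritable & I) | (F.permitted & bounding)
 *   I' = I
 *   E' = F.effective_flag ? P' : 0
 * If the new euid is 0 (root, or a setuid-root binary) the xattr is
 * ignored: P' = bounding | I and E' = P'. */
struct task_caps exec_transform(const struct task_caps *old,
                                const struct file_caps *file,
                                bool new_euid_is_root)
{
    struct task_caps n = { old->bounding, old->inheritable, 0, 0 };
    if (new_euid_is_root) {
        n.permitted = old->bounding | old->inheritable;
        n.effective = n.permitted;
    } else {
        n.permitted = (file->inheritable & old->inheritable)
                    | (file->permitted & old->bounding);
        n.effective = file->effective_flag ? n.permitted : 0;
    }
    return n;
}

/* Constructed parent resembling init: full bounding set, and the
 * capability it wants to hand down placed in its inheritable set. */
static struct task_caps init_like(capset_t inheritable)
{
    struct task_caps p = { CAP_ALL, inheritable, CAP_ALL, CAP_ALL };
    return p;
}

/* Fei's case: binary has no security.capability xattr, exec as non-root. */
capset_t exec_without_filecaps(void)
{
    struct task_caps init = init_like(CAP_BIT(CAP_NET_ADMIN));
    struct file_caps none = { 0, 0, false };
    return exec_transform(&init, &none, false).permitted;   /* 0: all lost */
}

/* What the linked CLs produce ("setcap cap_setuid,cap_setgid=pe"): the
 * child gets exactly the file's bits, and init's inheritable set is ignored. */
capset_t exec_with_pe(void)
{
    struct task_caps init = init_like(CAP_BIT(CAP_NET_ADMIN));
    struct file_caps pe = { CAP_BIT(CAP_SETUID) | CAP_BIT(CAP_SETGID), 0, true };
    return exec_transform(&init, &pe, false).effective;
}

/* "setcap cap_net_admin=i": permitted only if the parent also had the bit
 * in its inheritable set, and not effective until the program raises it. */
struct task_caps exec_with_i(bool parent_has_it)
{
    struct task_caps init = init_like(parent_has_it ? CAP_BIT(CAP_NET_ADMIN) : 0);
    struct file_caps i_only = { 0, CAP_BIT(CAP_NET_ADMIN), false };
    return exec_transform(&init, &i_only, false);
}

/* Glenn's workaround: run as root (or setuid-root, like run-as before the
 * CL) and the child starts with everything, dropping what it does not need. */
capset_t exec_as_root(void)
{
    struct task_caps init = init_like(0);
    struct file_caps none = { 0, 0, false };
    return exec_transform(&init, &none, true).effective;
}

int main(void)
{
    printf("no xattr      permitted=%#llx\n", (unsigned long long)exec_without_filecaps());
    printf("=pe           effective=%#llx\n", (unsigned long long)exec_with_pe());
    printf("=i, parent I  permitted=%#llx\n", (unsigned long long)exec_with_i(true).permitted);
    printf("=i, no I      permitted=%#llx\n", (unsigned long long)exec_with_i(false).permitted);
    printf("root          effective=%#llx\n", (unsigned long long)exec_as_root());
    return 0;
}
```

The "=pe" form fixes the child's capability set at packaging time, which is convenient for a single binary like run-as but gives init no say per service; the "=i" form lets init decide by populating its own inheritable set before exec, at the price that the service must raise the bits into its effective set itself (or the file also carries "e").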
