Take a look at how /system/bin/run-as is handled on Android 4.3 / 4.4. That
program does exactly what you want to do, and uses CAP_SETUID to change
UIDs.

Capabilities are assigned based on the contents of
system/core/include/private/android_filesystem_config.h . For run-as, you
can see the change at
https://android-review.googlesource.com/#/c/51945/6/include/private/android_filesystem_config.h
(line 231).

Android doesn't ship with the getcap / setcap command line tools. They're
not needed by normal programs, and it doesn't make sense to waste space to
ship with them.

-- Nick


On Tue, Nov 12, 2013 at 2:53 AM, Akhil Arora <arora.akhi...@gmail.com> wrote:

> Hi,
>
> I’m trying to come up with a proof of concept to set file capabilities on
> Android. The capability support on Android is limited — not all APIs in the
> libcap2 package for Linux seem to exist.
>
> Are all Linux-defined file capabilities supported on Android, including
> security? If so, how do I do the equivalent of getcap and setcap once I
> adb-shell into the device? The goal really is to build a simple program (for
> example - an executable that allows the user to change uid to root via
> CAP_SETUID) using the SDK/NDK tools.
>
> Thank you for the help.
>
> --
> --
> unsubscribe: android-kernel+unsubscr...@googlegroups.com
> website: http://groups.google.com/group/android-kernel
> ---
> You received this message because you are subscribed to the Google Groups
> "Android Linux Kernel Development" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to android-kernel+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>



-- 
Nick Kralevich | Android Security | n...@google.com | 650.214.4037
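
A getcap-style check for the case discussed above, as an added example that is not part of the original thread or of the Android sources: on Linux, file capabilities are stored in the `security.capability` extended attribute, and this C program decodes that value. The macro, struct and function names are chosen for this example and the sample bytes are constructed; the numeric constants are those of the kernel header `linux/capability.h`.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/xattr.h>
/* Values as defined in <linux/capability.h>; macro names shortened for this example. */
#define CAP_REV_MASK   0xFF000000u
#define CAP_REV_1      0x01000000u  /* one 32-bit word per set   */
#define CAP_REV_2      0x02000000u  /* two 32-bit words per set  */
#define CAP_REV_3      0x03000000u  /* revision 2 plus a root id */
#define CAP_FLAG_EFF   0x00000001u
#define CAP_SETUID_BIT 7
struct file_caps { uint64_t permitted, inheritable; int effective; };

static uint32_t le32(const unsigned char *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode a raw security.capability value. Returns 0 on success, -1 if malformed. */
int decode_file_caps(const unsigned char *buf, size_t len, struct file_caps *out) {
    if (len < 4) return -1;
    uint32_t magic = le32(buf), rev = magic & CAP_REV_MASK;
    if (rev != CAP_REV_1 && rev != CAP_REV_2 && rev != CAP_REV_3) return -1;
    size_t words = (rev == CAP_REV_1) ? 1 : 2;
    if (len != 4 + 8 * words + (rev == CAP_REV_3 ? 4 : 0)) return -1;
    out->permitted = out->inheritable = 0;
    for (size_t i = 0; i < words; i++) {  /* pairs of (permitted, inheritable) */
        out->permitted   |= (uint64_t)le32(buf + 4 + 8 * i) << (32 * i);
        out->inheritable |= (uint64_t)le32(buf + 8 + 8 * i) << (32 * i);
    }
    out->effective = (magic & CAP_FLAG_EFF) != 0;
    return 0;
}

/* Read and decode the xattr of a file; -1 if absent, unreadable or malformed. */
int read_file_caps(const char *path, struct file_caps *out) {
    unsigned char buf[32];
    ssize_t n = getxattr(path, "security.capability", buf, sizeof buf);
    return n < 0 ? -1 : decode_file_caps(buf, (size_t)n, out);
}

/* Constructed sample: revision 2, effective flag set, permitted = CAP_SETUID only. */
static const unsigned char SAMPLE[20] = { 0x01, 0x00, 0x00, 0x02, 0x80, 0x00, 0x00, 0x00 };

int main(int argc, char **argv) {
    struct file_caps fc;
    int rc = argc > 1 ? read_file_caps(argv[1], &fc) : decode_file_caps(SAMPLE, sizeof SAMPLE, &fc);
    if (rc != 0) { puts("no file capabilities (or malformed xattr)"); return 1; }
    printf("permitted=0x%llx effective=%d CAP_SETUID=%d\n", (unsigned long long)fc.permitted,
           fc.effective, (int)(fc.permitted >> CAP_SETUID_BIT & 1));
    return 0;
}
```

Run with a file path as the only argument to inspect that file; with no argument it decodes the embedded sample.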