Hi Stephen,

Can you clarify "adbd drops all capabilities from the bounding set"? Also, how is it related to the setmask process, which has suid itself?

Thanks

On 4/24/15, 1:34 PM, "Stephen Smalley" <[email protected]> wrote:

>On 04/24/2015 12:53 PM, Tai Nguyen (tainguye) wrote:
>> We can't figure out what's wrong in the below case. Hopefully, the
>> community can shed some light into it.
>>
>> We have a suid process, setmask. This process is launched by a service
>> shell, debugsh. A user can get a debugsh via ssh or launch debugsh
>> directly from adb shell.
>> Setmask has its own domain and it is transitioned from debugsh domain.
>> When debugsh is launched from adb shell, it also changes to debugsh.
>> So, regardless of how debugsh is launched via ssh or adb shell, it runs in
>> debugsh domain.
>>
>> The issue is that setmask runs successfully via ssh and debugsh
>> interface, and setmask fails via adb shell.
>>
>> 1. ssh -> debugsh -> setmask : Success
>> 2. Adb -> debugsh -> setmask: Failure
>>
>> Since setmask is a suid program so it runs as root and it has
>> dac_override privilege, it works as expected in case 1.
>> Since both debugsh and setmask run in the same SELinux domain in both
>> cases, we can't figure out why it fails in case 2.
>>
>> I recall a discussion about restricting privilege escalation in
>> app_domain. Since adb shell is app_domain, I wonder if that is the
>> reason setmask fails in case 2.
>
>adbd drops all capabilities from the bounding set except for the few
>needed for run-as. I think that this has been true since Android 4.3.
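An added example, not part of the thread or of any project's code: a small C check that reads the `CapBnd` mask from `/proc/self/status` and reports whether `CAP_DAC_OVERRIDE` is still in the bounding set, which is the difference to look for between the ssh and adb shells. The sample status text is constructed, and its mask (only `CAP_SETGID` and `CAP_SETUID` left) is an assumption for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
/* Capability numbers as defined in <linux/capability.h>. */
#define CAP_DAC_OVERRIDE 1
#define CAP_SETGID       6
#define CAP_SETUID       7

/* Find the "CapBnd:" field in the text of /proc/<pid>/status and parse its
 * hex mask. Returns 0 on success, -1 if the field is missing or malformed. */
int parse_capbnd(const char *status, uint64_t *mask)
{
    const char *p = strstr(status, "CapBnd:");
    char *end;
    if (p == NULL)
        return -1;
    p += strlen("CapBnd:");
    *mask = strtoull(p, &end, 16);   /* skips the tab before the digits */
    return end == p ? -1 : 0;
}

/* execve() masks a setuid-root binary's file-permitted capabilities with the
 * bounding set, so a capability dropped there is not gained that way. */
int in_bounding_set(uint64_t mask, int cap)
{
    return (int)((mask >> cap) & 1u);
}

/* Constructed sample: a shell whose bounding set holds only CAP_SETGID and
 * CAP_SETUID (assumed values, for illustration). */
static const char SAMPLE_RESTRICTED[] =
    "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n"
    "CapEff:\t0000000000000000\nCapBnd:\t00000000000000c0\n";

int main(void)
{
    char buf[4096];
    uint64_t mask;
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f)
        fclose(f);
    buf[n] = '\0';
    /* Fall back to the constructed sample when /proc is unavailable. */
    if (parse_capbnd(n ? buf : SAMPLE_RESTRICTED, &mask) != 0)
        return 1;
    printf("CapBnd=%016llx CAP_DAC_OVERRIDE %s\n", (unsigned long long)mask,
           in_bounding_set(mask, CAP_DAC_OVERRIDE) ? "available" : "dropped");
    return 0;
}
```

Running it once from each shell and comparing the two `CapBnd` values shows whether the setuid binary can still obtain the capability it relies on.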
