We did verify that the setmask program runs with uid 0 and with the same domain in both cases. Do you mean that although it runs as uid 0, it doesn't have those capabilities?
Thanks

On 4/24/15, 2:00 PM, "Stephen Smalley" <[email protected]> wrote:

>On 04/24/2015 01:46 PM, Tai Nguyen (tainguye) wrote:
>> Hi Stephen,
>>
>> Can you clarify "adbd drops all capabilities from the bounding set"? Also,
>> how is it related to setmask process which has suid itself?
>
>See "Capability bounding" in
>https://source.android.com/devices/tech/security/enhancements/enhancements43.html
>
>grep PR_CAPBSET_DROP system/core/adb/*
>
>Once removed from the capability bounding set, you cannot get it back
>via exec'ing a setuid-root program. man 7 capabilities
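Added example, not part of the original messages and not code from adbd or Android: a small Linux diagnostic that reads the bounding set of the current process and applies the capabilities(7) execve rule for a set-uid-root file, showing why uid 0 alone does not imply any capability. The function names and the sample status text are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <linux/capability.h>

/* Constructed sample: uid 0, but every capability dropped from the bounding set. */
const char SAMPLE_STATUS[] =
    "Name:\tsetmask\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n"
    "CapEff:\t0000000000000000\nCapBnd:\t0000000000000000\n";

/* Read a hex capability mask (e.g. "CapBnd") from /proc/<pid>/status text. */
int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t n = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            char *end;
            *mask = strtoull(p + n + 1, &end, 16);
            return end == p + n + 1 ? -1 : 0;   /* -1: no hex digits found */
        }
        p = strchr(p, '\n');                     /* advance to the next line */
        if (p) p++;
    }
    return -1;                                   /* field not present */
}

int cap_in_mask(uint64_t mask, int cap) { return (int)((mask >> cap) & 1); }

/* capabilities(7) execve rule with a set-uid-root file (file sets treated as
 * all ones): P'(permitted) = P(inheritable) | P(bounding). */
uint64_t permitted_after_setuid_root_exec(uint64_t inh, uint64_t bnd) { return inh | bnd; }

int main(void)
{
    char buf[4096] = {0};
    uint64_t bnd = 0, inh = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 1; }
    if (fread(buf, 1, sizeof buf - 1, f) == 0) { fclose(f); return 1; }
    fclose(f);
    if (parse_cap_field(buf, "CapBnd", &bnd) || parse_cap_field(buf, "CapInh", &inh)) return 1;
    printf("euid=%d CapBnd=%016llx CAP_SETUID bounded-in=%d (prctl: %d)\n", (int)geteuid(),
           (unsigned long long)bnd, cap_in_mask(bnd, CAP_SETUID),
           prctl(PR_CAPBSET_READ, CAP_SETUID, 0, 0, 0));
    printf("permitted after exec of a setuid-root file: %016llx\n",
           (unsigned long long)permitted_after_setuid_root_exec(inh, bnd));
    return 0;
}
```

Running it once from each of the two contexts being compared shows whether the bounding sets differ even though uid and domain match.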
