f2904a7b63c2005ab588a9ba2fb309e73200ec81 |
|
05-Aug-2013 |
Alex Klyubin <klyubin@google.com> |
Fix run-as which was broken in Android 4.3 In Android 4.3 the run-as binary no longer has the SUID/SGID bits set. Instead, it requires to be installed with setuid and setgid file-based capabilities. As a result of the above two changes, the binary no longer executes as root when invoked by the "shell" user but can still change its UID/GID to that of the target package. Unfortunately, run-as attempts to chdir into the target package's data directory before changing its effective UID/GID. As a result, when run-as is invoked by the "shell" user, the chdir operation fails. The fix is for run-as to chdir after changing the effective UID/GID to those of the target package. Bug: 10154652 Change-Id: I48ecfeab7cd36991968d49e2382ceb4110694709
/system/core/run-as/run-as.c
|
fced3ded831cb084121b10a78c12de99c89004aa |
|
26-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
run-as: Get seinfo from packages.list and pass to libselinux. Change allows the proper seinfo value to be passed to libselinux to switch to the proper app security context before running the shell. Change-Id: I9d7ea47c920b1bc09a19008345ed7fd0aa426e87 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/system/core/run-as/run-as.c
|
4ead8beac8fe59b01ad1e5670713b99e7f841b9b |
|
13-Nov-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
run-as: set the SELinux security context. Before invoking the specified command or a shell, set the SELinux security context. Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/system/core/run-as/run-as.c
|
b2d8f896b6ef081c1af263dd13d91d2f435de0fa |
|
23-Jan-2012 |
Nick Kralevich <nnk@google.com> |
Don't statically compile run-as Bug: 5904033 Change-Id: Ie815f09a2bf51ad583ded82f652d162a7f70b87e
/system/core/run-as/run-as.c
|
1f4d95296acf34a93128332441782a80c10845b4 |
|
03-Mar-2010 |
David 'Digit' Turner <digit@google.com> |
Add 'run-as' command implementation as set-uid program. Typical usage is 'run-as <package-name> <command>' to run <command> in the data directory, and the user id, of <package-name> if, and only if <package-name> is the name of an installed and debuggable application. This relies on the /data/system/packages.list file generated by the PackageManager service. BEWARE: This is intended to be available on production devices !
/system/core/run-as/run-as.c
|