| f2904a7b63c2005ab588a9ba2fb309e73200ec81 |
|
05-Aug-2013 |
Alex Klyubin <klyubin@google.com> |
Fix run-as which was broken in Android 4.3
In Android 4.3 the run-as binary no longer has the SUID/SGID bits
set. Instead, it requires to be installed with setuid and setgid
file-based capabilities. As a result of the above two changes, the
binary no longer executes as root when invoked by the "shell" user
but can still change its UID/GID to that of the target package.
Unfortunately, run-as attempts to chdir into the target package's
data directory before changing its effective UID/GID. As a result,
when run-as is invoked by the "shell" user, the chdir operation
fails.
The fix is for run-as to chdir after changing the effective UID/GID
to those of the target package.
Bug: 10154652
Change-Id: I48ecfeab7cd36991968d49e2382ceb4110694709
/system/core/run-as/run-as.c
|
| fced3ded831cb084121b10a78c12de99c89004aa |
|
26-Mar-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
run-as: Get seinfo from packages.list and pass to libselinux.
Change allows the proper seinfo value to be passed
to libselinux to switch to the proper app security
context before running the shell.
Change-Id: I9d7ea47c920b1bc09a19008345ed7fd0aa426e87
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/system/core/run-as/run-as.c
|
| 4ead8beac8fe59b01ad1e5670713b99e7f841b9b |
|
13-Nov-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
run-as: set the SELinux security context.
Before invoking the specified command or a shell, set the
SELinux security context.
Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/system/core/run-as/run-as.c
|
| b2d8f896b6ef081c1af263dd13d91d2f435de0fa |
|
23-Jan-2012 |
Nick Kralevich <nnk@google.com> |
Don't statically compile run-as
Bug: 5904033
Change-Id: Ie815f09a2bf51ad583ded82f652d162a7f70b87e
/system/core/run-as/run-as.c
|
| 1f4d95296acf34a93128332441782a80c10845b4 |
|
03-Mar-2010 |
David 'Digit' Turner <digit@google.com> |
Add 'run-as' command implementation as set-uid program.
Typical usage is 'run-as <package-name> <command>' to run <command>
in the data directory, and the user id, of <package-name> if, and only
if <package-name> is the name of an installed and debuggable application.
This relies on the /data/system/packages.list file generated by the
PackageManager service.
BEWARE: This is intended to be available on production devices !
/system/core/run-as/run-as.c
|