fe8135739c5a9195e74786205c077964ba4f9c44 |
|
12-Feb-2013 |
Nick Kralevich <nnk@google.com> |
android_filesystem_config.h: change ping and run-as /system/bin/ping no longer requires CAP_NET_RAW, as we're now using IPPROTO_ICMP. Please see the following for more details: * http://lwn.net/Articles/443051/ * https://android-review.googlesource.com/52090 * https://android-review.googlesource.com/52072 We can now make ping a normal, unprivileged program. /system/bin/run-as only requires CAP_SETUID and CAP_SETGID. Explicitly set the capabilities of this file, and remove the setuid bit. This is equivalent to running the following commands: * chmod 750 /system/bin/run-as * chown root:shell /system/bin/run-as * setcap cap_setgid,cap_setuid+ep /system/bin/run-as Change-Id: I65df858b45e6de4e2190ac9d6d592c06ea9d28cf
/system/core/include/private/android_filesystem_capability.h
|