Cross Reference: /external/tlsdate/config.h

History log of /external/tlsdate/config.h
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
e690a81d99d4c1c88abf235b306ead73bbfaa012	02-Oct-2015	Gilad Arnold <garnold@google.com>	Use a dedicated UID/GID for unprivileged execution. Bug: 23651876 Change-Id: Ie924bbe5cee74e3095876d6386a6ea21399b8d97 /external/tlsdate/config.h
9451a040340733ef044493ca396d8fb087df59e0	01-Sep-2015	Gilad Arnold <garnold@google.com>	Drop privileges to nobody:nobody, use supplementary groups as needed. This ensures that, by default, tlsdated runs with the least privileges. We use the new supplementary groups feature to allow use of specific system resources (TCP sockets, DBus). Bug: 22373707 Bug: 23651876 Change-Id: I157f40c0fb42158bbc8f5233af49fe368d23892b /external/tlsdate/config.h
b470cc18ef58c7c6d7e99f80559a69f65f5167e3	28-Aug-2015	Gilad Arnold <garnold@google.com>	Run as non-root; drop privileges to inet:inet. 1) We are adding a specific file capability (CAP_SYS_TIME) that allows tlsdated to start as user 'system', like other services. Hence, switching to use the standard init template. 2) Our unprivileged execution needs to connect a socket so we're reusing the existing 'inet' user/group. In the long run, we should have dedicated UID/GID for tlsdated that will provide these privileges. Bug: 22373707 Change-Id: I85f9a5ee744be71691f1187030021d3178ca0861 /external/tlsdate/config.h
c31964b2951090a14d1135e4738fe724e6136403	27-Aug-2015	Gilad Arnold <garnold@google.com>	Use a group name that actually exists. Bug: 22373707 Change-Id: I14df7d3b385114f77a6577ddaf3a903307af0f0f /external/tlsdate/config.h
f1080e8c3503091620747d32718184c30156b151	24-Aug-2015	Gilad Arnold <garnold@google.com>	Build tlsdate and tlsdated in AOSP (resubmitted). The tlsdate-helper target fails due to OpenSSL/BoringSSL incompatibilities and is currently commented out. Additionally new unprivileged user/group need to be allocated then set here. Bug: 22373707 Change-Id: I08b3dfffb0c541ebd493c872de094e25ba7eec32 /external/tlsdate/config.h
0d7369fbb1bb4433b93117cc861880c527675d04	26-Aug-2015	Bart Sears <bsears@google.com>	Revert "Build tlsdate and tlsdated in AOSP." This reverts commit c300c30a28a8673d5c53981c72149a9fb6b3d17a. Change-Id: If1845b4321c360d02f6deef26aea07f7b502c35a /external/tlsdate/config.h
c300c30a28a8673d5c53981c72149a9fb6b3d17a	24-Aug-2015	Gilad Arnold <garnold@google.com>	Build tlsdate and tlsdated in AOSP. The tlsdate-helper target fails due to OpenSSL/BoringSSL incompatibilities and is currently commented out. Additionally new unprivileged user/group need to be allocated then set here. Bug: 22373707 Change-Id: Ie3b7c0a4284dca4bfcbf2be90ec2870471279e75 /external/tlsdate/config.h