e690a81d99d4c1c88abf235b306ead73bbfaa012 |
|
02-Oct-2015 |
Gilad Arnold <garnold@google.com> |
Use a dedicated UID/GID for unprivileged execution. Bug: 23651876 Change-Id: Ie924bbe5cee74e3095876d6386a6ea21399b8d97
/external/tlsdate/config.h
|
9451a040340733ef044493ca396d8fb087df59e0 |
|
01-Sep-2015 |
Gilad Arnold <garnold@google.com> |
Drop privileges to nobody:nobody, use supplementary groups as needed. This ensures that, by default, tlsdated runs with the least privileges. We use the new supplementary groups feature to allow use of specific system resources (TCP sockets, DBus). Bug: 22373707 Bug: 23651876 Change-Id: I157f40c0fb42158bbc8f5233af49fe368d23892b
/external/tlsdate/config.h
|
b470cc18ef58c7c6d7e99f80559a69f65f5167e3 |
|
28-Aug-2015 |
Gilad Arnold <garnold@google.com> |
Run as non-root; drop privileges to inet:inet. 1) We are adding a specific file capability (CAP_SYS_TIME) that allows tlsdated to start as user 'system', like other services. Hence, switching to use the standard init template. 2) Our unprivileged execution needs to connect a socket so we're reusing the existing 'inet' user/group. In the long run, we should have dedicated UID/GID for tlsdated that will provide these privileges. Bug: 22373707 Change-Id: I85f9a5ee744be71691f1187030021d3178ca0861
/external/tlsdate/config.h
|
c31964b2951090a14d1135e4738fe724e6136403 |
|
27-Aug-2015 |
Gilad Arnold <garnold@google.com> |
Use a group name that actually exists. Bug: 22373707 Change-Id: I14df7d3b385114f77a6577ddaf3a903307af0f0f
/external/tlsdate/config.h
|
f1080e8c3503091620747d32718184c30156b151 |
|
24-Aug-2015 |
Gilad Arnold <garnold@google.com> |
Build tlsdate and tlsdated in AOSP (resubmitted). The tlsdate-helper target fails due to OpenSSL/BoringSSL incompatibilities and is currently commented out. Additionally, new unprivileged user/group need to be allocated and then set here. Bug: 22373707 Change-Id: I08b3dfffb0c541ebd493c872de094e25ba7eec32
/external/tlsdate/config.h
|
0d7369fbb1bb4433b93117cc861880c527675d04 |
|
26-Aug-2015 |
Bart Sears <bsears@google.com> |
Revert "Build tlsdate and tlsdated in AOSP." This reverts commit c300c30a28a8673d5c53981c72149a9fb6b3d17a. Change-Id: If1845b4321c360d02f6deef26aea07f7b502c35a
/external/tlsdate/config.h
|
c300c30a28a8673d5c53981c72149a9fb6b3d17a |
|
24-Aug-2015 |
Gilad Arnold <garnold@google.com> |
Build tlsdate and tlsdated in AOSP. The tlsdate-helper target fails due to OpenSSL/BoringSSL incompatibilities and is currently commented out. Additionally, new unprivileged user/group need to be allocated and then set here. Bug: 22373707 Change-Id: Ie3b7c0a4284dca4bfcbf2be90ec2870471279e75
/external/tlsdate/config.h
|