Permalink
Browse files

init.rc: setup qtaguid group ownership of ctrl and stat files

This will help get rid of android_aid.h in the kernel.
The group of the proc entries will be used in place of the default
values picked up by the xt_qtaguid netfilter module
(AID_NET_BW_STATS, AID_NET_BW_ACCT).
This change has no effect until the matching kernel changes are submitted.

Change-Id: I3c177e7b5caf9c59300eba6bd4a976634b333674
  • Loading branch information...
jpa-github authored and Gerrit Code Review committed Jan 4, 2013
1 parent d084ec9 commit 3e54aabc63535572242477fadbf13ec42b06649e
Showing with 6 additions and 0 deletions.
  1. +6 −0 rootdir/init.rc
View
@@ -120,6 +120,12 @@ loglevel 3
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
+# qtaguid will limit access to specific data based on group memberships.
+# net_bw_acct grants impersonation of socket owners.
+# net_bw_stats grants access to other apps' detailed tagged-socket stats.
+ chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
+ chown root net_bw_stats /proc/net/xt_qtaguid/stats
+
# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
chmod 0644 /dev/xt_qtaguid

0 comments on commit 3e54aab

Please sign in to comment.