OSDN Git Service

(root) / android-x86 / dalvik.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 896f177) | patch
Zygote: limit the bounding capability set to CAP_NET_RAW
authorNick Kralevich <nnk@google.com>
Wed, 13 Feb 2013 18:39:34 +0000 (10:39 -0800)
committerNick Kralevich <nnk@google.com>
Wed, 13 Feb 2013 21:33:10 +0000 (13:33 -0800)
commit921e9aea72bc2aa99a52ccdb90573bbd3bf3508f
treed823bac2a9ff06b9ba6aad4226806f80bc0b34f9tree | snapshot
parent896f17741aa4d897dcd9a7cb08bbbcbff93dbc60commit | diff
Zygote: limit the bounding capability set to CAP_NET_RAW

Prevent a zygote spawned application from acquiring
capabilities other than CAP_NET_RAW.  The only Zygote
accessible program on Android which grants capabilities
is /system/bin/ping (CAP_NET_RAW), so we don't need to
keep the other capabilities in our bounding set.

Change-Id: Ifbfdbaf3d32bc6237b6e1fc57766ca13baae7bde
vm/native/dalvik_system_Zygote.cpp diff | blob | history
dalvik
About OSDN
Find Software
Develop Software
Help