commit | f6f60c008ac6e77752665d796582435cff5be6d4 | |
---|---|---|
author | Nick Kralevich <nnk@google.com> | Thu May 23 09:06:24 2019 -0700 |
committer | Nick Kralevich <nnk@google.com> | Thu May 23 09:11:56 2019 -0700 |
tree | 6fa7f09702fea989cd6f97d83ef93e088b6fb99f | |
parent | e066f91c0f540c09bd1b859bb4d4e31c505d0645 | |
audioserver: drop inet group

The audioserver process is specifically prohibited from accessing the network. See https://android.googlesource.com/platform/system/sepolicy/+/7ca6fc8629d34b6be6ca99806814a78a5f6e2b31/private/audioserver.te#91 line 91

    # Media processing code is inherently risky and thus should have limited
    # permissions and be isolated from the rest of the system and network.
    # Lengthier explanation here:
    # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
    neverallow audioserver domain:{ tcp_socket udp_socket rawip_socket } *;

Since SELinux doesn't allow audioserver to access tcp/udp sockets, it doesn't make any sense to have audioserver be in the inet group.

Discovered while reviewing https://android-review.googlesource.com/c/platform/frameworks/base/+/968497

Similarly, I suspect other groups listed here are also unnecessary and can be cleaned up in a future commit.

Test: compiles and boots

Change-Id: Ic331f301565aee911de30322dd4c3811529597ee
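The reasoning in the commit message, as an added example that is not part of the commit or of AOSP: a Python check that lists init services still in the inet group although a neverallow rule bars their domain from IP sockets. The sample input is constructed, the `netdemo` service and the service header lines are hypothetical, and the check assumes the SELinux domain shares the init service's name.

```python
import re

# All-permission neverallow rules of the shape quoted in the commit message.
NEVERALLOW = re.compile(r"neverallow\s+(\w+)\s+\w+:\s*\{?([^};]*)\}?\s*\*\s*;")
NET_CLASSES = {"tcp_socket", "udp_socket", "rawip_socket"}

def socket_denied_domains(policy_text):
    """Source domains that a neverallow rule bars from IP socket classes."""
    denied = set()
    for line in policy_text.splitlines():
        m = NEVERALLOW.search(line.split("#", 1)[0])  # ignore policy comments
        if m and NET_CLASSES & set(m.group(2).split()):
            denied.add(m.group(1))
    return denied

def service_groups(rc_text):
    """Map each init service name to the gids on its `group` lines."""
    groups, current = {}, None
    for line in rc_text.splitlines():
        words = line.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "service" and len(words) >= 3:
            current = words[1]
            groups[current] = []
        elif words[0] == "on":          # an action section ends the service
            current = None
        elif words[0] == "group" and current:
            groups[current] += words[1:]
    return groups

def redundant_inet(rc_text, policy_text):
    """Services in the inet group whose domain may never open IP sockets.
    Assumption: the SELinux domain has the same name as the init service."""
    denied = socket_denied_domains(policy_text)
    return sorted(name for name, gids in service_groups(rc_text).items()
                  if "inet" in gids and name in denied)

# Constructed sample: the pre-change group line from the diff under an assumed
# service header, plus a hypothetical service that no neverallow rule covers.
SAMPLE_RC = """\
service audioserver /system/bin/audioserver
    group audio camera drmrpc inet media mediadrm net_bt net_bt_admin net_bw_acct wakelock
service netdemo /system/bin/netdemo
    group inet
"""
SAMPLE_POLICY = "neverallow audioserver domain:{ tcp_socket udp_socket rawip_socket } *;\n"

if __name__ == "__main__":
    print(redundant_inet(SAMPLE_RC, SAMPLE_POLICY))
```
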
diff --git a/media/audioserver/audioserver.rc b/media/audioserver/audioserver.rc index 1f2e82f..d28f7a6 100644 --- a/media/audioserver/audioserver.rc +++ b/media/audioserver/audioserver.rc
@@ -2,7 +2,7 @@ class core user audioserver # media gid needed for /dev/fm (radio) and for /data/misc/media (tee) - group audio camera drmrpc inet media mediadrm net_bt net_bt_admin net_bw_acct wakelock + group audio camera drmrpc media mediadrm net_bt net_bt_admin net_bw_acct wakelock capabilities BLOCK_SUSPEND ioprio rt 4 writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
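Review bot: the comment above the `group` line in audioserver.rc justifies only the media gid ("/dev/fm (radio) and ... /data/misc/media (tee)"), so after this change net_bt, net_bt_admin and net_bw_acct stay on the line with no stated reason. Since the commit message already suspects that other groups are unnecessary, consider extending that comment to say what each remaining gid is for, or recording which ones are queued for the follow-up cleanup, so the next reader can tell a deliberate grant from a leftover. The stated test is "compiles and boots"; a note that audio playback and capture were exercised without inet would make the removal easier to accept.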