Google Git
Sign in
android / platform / dalvik / 921e9ae
commit921e9aea72bc2aa99a52ccdb90573bbd3bf3508f[log] [tgz]
authorNick Kralevich <nnk@google.com>Wed Feb 13 10:39:34 2013 -0800
committerNick Kralevich <nnk@google.com>Wed Feb 13 13:33:10 2013 -0800
treed823bac2a9ff06b9ba6aad4226806f80bc0b34f9
parent896f17741aa4d897dcd9a7cb08bbbcbff93dbc60 [diff]
Zygote: limit the bounding capability set to CAP_NET_RAW

Prevent a zygote spawned application from acquiring
capabilities other than CAP_NET_RAW.  The only Zygote
accessible program on Android which grants capabilities
is /system/bin/ping (CAP_NET_RAW), so we don't need to
keep the other capabilities in our bounding set.

Change-Id: Ifbfdbaf3d32bc6237b6e1fc57766ca13baae7bde
1 file changed
tree: d823bac2a9ff06b9ba6aad4226806f80bc0b34f9
  1. dalvikvm/
  2. dexdump/
  3. dexgen/
  4. dexlist/
  5. dexopt/
  6. docs/
  7. dx/
  8. hit/
  9. libdex/
  10. opcode-gen/
  11. tests/
  12. tools/
  13. unit-tests/
  14. vm/
  15. Android.mk
  16. CleanSpec.mk
  17. MODULE_LICENSE_APACHE2
  18. NOTICE
  19. README.txt