| <html devsite><head> |
| <title>Implementing Ambient Capabilities</title> |
| <meta name="project_path" value="/_project.yaml"/> |
| <meta name="book_path" value="/_book.yaml"/> |
| </head> |
| <body> |
| <!-- |
| Copyright 2017 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <p> |
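| Capabilities allow Linux processes to drop most root-like privileges while retaining the privileges they need to perform their function. The original implementation of capabilities made it impossible for a fork + exec'd process to inherit capabilities unless the file being executed had file capabilities configured. File capabilities, in turn, present a security risk, because any process that executes a file with file capabilities gains those capabilities. |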
| </p> |
| <p> |
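| Ambient capabilities allow system services to configure capabilities in their <code>.rc</code> files, bringing all of their configuration into a single file instead of keeping the capability configuration separately in the <code>fs_config.c</code> file. |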
| </p> |
| <h2 id="reference-implementation">Reference implementation</h2> |
| <p> |
| The reference implementation is the Android common kernel <a href="https://android.googlesource.com/kernel/common/">https://android.googlesource.com/kernel/common/</a> |
| </p> |
| <h2 id="required-patches">Required patches</h2> |
| <p> |
| The required patches have been backported to all relevant Android common kernel branches. |
| </p> |
| <p> |
| The main ambient capabilities patch <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=58319057b7847667f0c9585b9de0e8932b0fdb08">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=58319057b7847667f0c9585b9de0e8932b0fdb08</a> has been backported to: |
| |
| </p> |
| <ul> |
| <li>android-3.10 branch: |
| <ul> |
| <li><a href="https://android.googlesource.com/kernel/common/+/bdcd4484f1b399dfcb2fd7dd82b6869b2b6b60cd">https://android.googlesource.com/kernel/common/+/bdcd4484f1b399dfcb2fd7dd82b6869b2b6b60cd</a> |
| </li></ul> |
| </li><li>android-3.14 branch: |
| <ul> |
| <li><a href="https://android.googlesource.com/kernel/common/+/5440f16f1296ca05f33dfde51e8bb7ad48699640">https://android.googlesource.com/kernel/common/+/5440f16f1296ca05f33dfde51e8bb7ad48699640</a> |
| </li></ul> |
| </li><li>android-3.18: |
| <ul> |
| <li><a href="https://android.googlesource.com/kernel/common/+/d6a9a74487e86b528c44965f871de75671b6adb0">https://android.googlesource.com/kernel/common/+/d6a9a74487e86b528c44965f871de75671b6adb0</a> |
| </li></ul> |
| </li><li>android-4.1: |
| <ul> |
| <li><a href="https://android.googlesource.com/kernel/common/+/0381789d78d552462ef576d9759e9aa6fcaae3bb">https://android.googlesource.com/kernel/common/+/0381789d78d552462ef576d9759e9aa6fcaae3bb</a></li> |
| </ul> |
| </li></ul> |
| |
| <p> |
| A small security fix <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b7f76ea2ef6739ee484a165ffbac98deb855d3d3">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b7f76ea2ef6739ee484a165ffbac98deb855d3d3</a> has been backported to:</p> |
| |
| <ul> |
| <li>android-3.10 branch: |
| <ul> |
| <li><a href="https://android.googlesource.com/kernel/common/+/ef89def080c52eb7ea6a9455eb32b1b05867133b">https://android.googlesource.com/kernel/common/+/ef89def080c52eb7ea6a9455eb32b1b05867133b</a> |
| </li></ul> |
| </li><li>android-3.14 branch: |
| <ul> |
| <li><a href="https://android.googlesource.com/kernel/common/+/f75626b3092fad4e0bd8f2aed06947352781eb77">https://android.googlesource.com/kernel/common/+/f75626b3092fad4e0bd8f2aed06947352781eb77</a> |
| </li></ul> |
| </li><li>android-3.18: |
| <ul> |
| <li><a href="https://android.googlesource.com/kernel/common/+/7bc0ef844a537ebb786ba0574932bd65751818c6">https://android.googlesource.com/kernel/common/+/7bc0ef844a537ebb786ba0574932bd65751818c6</a> |
| </li></ul> |
| </li><li>android-4.1: |
| <ul> |
| <li><a href="https://android.googlesource.com/kernel/common/+/dda568cc40d855bde2dfa9c04a7a1628c80b7f63">https://android.googlesource.com/kernel/common/+/dda568cc40d855bde2dfa9c04a7a1628c80b7f63</a></li> |
| </ul> |
| </li></ul> |
| |
| <p> |
| A memory leak fix required for kernels older than 3.18 <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d6f3328422a3bc56b0d8dd026a5de845d2abfa7">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d6f3328422a3bc56b0d8dd026a5de845d2abfa7</a> has been backported to: |
| </p> |
| |
| <ul> |
| <li>android-3.10 branch: |
| <ul> |
| <li><a href="https://android.googlesource.com/kernel/common/+/900e52782988ee11a1cb7d600e9edea48fc70f0f">https://android.googlesource.com/kernel/common/+/900e52782988ee11a1cb7d600e9edea48fc70f0f</a></li> |
| </ul> |
| </li></ul> |
| |
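| <h2 id="validation">Validation</h2> |
| <p> |
| The <a href="https://android.googlesource.com/platform/bionic/+/master#Running-the-tests">Bionic unit tests</a> include unit tests for ambient capabilities. In addition, ambient capabilities can be tested at runtime by using the "capabilities" keyword in Android init for a service and then checking that the service received the expected capabilities. |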
| </p> |
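<p>
One way to carry out the runtime check described above, as an added example rather than code from the Android project: compare the <code>CapAmb</code> and <code>CapEff</code> masks that Linux reports in <code>/proc/&lt;pid&gt;/status</code> against the set the service requested. The function names, the sample status text and the service declared with <code>capabilities NET_BIND_SERVICE NET_RAW</code> are assumptions made for illustration.
</p>

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_BIND_SERVICE 10  /* numbers from <linux/capability.h> */
#define CAP_NET_RAW          13
#define CAP_BIT(n) (UINT64_C(1) << (n))

/* Constructed /proc/<pid>/status excerpt for a hypothetical service declared
 * with "capabilities NET_BIND_SERVICE NET_RAW" in its .rc file. */
static const char SAMPLE_STATUS[] =
    "CapEff:\t0000000000002400\n"
    "CapAmb:\t0000000000002400\n";

/* Parse one "Cap*:\t<hex>" field; 0 on success, -1 if missing or malformed. */
int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line;
         line = strchr(line, '\n'), line = line ? line + 1 : NULL) {
        if (strncmp(line, field, flen) != 0 || line[flen] != ':')
            continue;
        const char *val = line + flen + 1;
        while (*val == ' ' || *val == '\t') val++;
        if (!isxdigit((unsigned char)*val))
            return -1;  /* empty value: never parse into the next line */
        *mask = strtoull(val, NULL, 16);
        return 0;
    }
    return -1;
}

/* 0 ok; 1 extra ambient cap; 2 expected cap missing; 3 not effective; -1 unreadable. */
int check_service_caps(const char *status, uint64_t expected)
{
    uint64_t amb, eff;
    if (parse_cap_field(status, "CapAmb", &amb) ||
        parse_cap_field(status, "CapEff", &eff))
        return -1;
    if (amb & ~expected) return 1;
    if (expected & ~amb) return 2;
    return (expected & ~eff) ? 3 : 0;
}

int main(void)
{
    uint64_t want = CAP_BIT(CAP_NET_BIND_SERVICE) | CAP_BIT(CAP_NET_RAW);
    return check_service_caps(SAMPLE_STATUS, want) != 0;  /* exit 0 = match */
}
```

<p>
On a device, feed the function the contents of the service's own <code>/proc/&lt;pid&gt;/status</code> instead of the constructed sample; a result of 1 means the service holds an ambient capability it never asked for.
</p>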
| |
| </body></html> |