How to add groups to a service started by init.rc
165 views
Skip to first unread message
DanM
May 2, 2012, 2:58:53 PM5/2/12
to android-...@googlegroups.com
I want to be able to add a group to a service that is launched via stock Android init.rc in the system/core directory (specifically rild).
Now I don't want to touch/modify the init.rc file that comes in stock Android. But would rather add the group as needed later on
during init.
Now I know that this should be done somewhere in the init.<platform>.rc file but I cannot seem to find the syntax that allows this.
Glenn Kasten
May 3, 2012, 1:31:38 PM5/3/12
to android-...@googlegroups.com
Given that you don't want to modify system/core/rootdir/init.rc, I guess you could either (a) define TARGET_PROVIDES_INIT_RC (see system/core/rootdir/Android.mk for usage) and provide your forked copy that has the change you want, or (b) run a little edit script inside of that Android.mk during the copy process, that merges the stock init.rc and your patch at build time, so that it copies a patched version during that build step. I don't know of a way to merge the stock init.rc and your patch at runtime in init, again using the stock init.
DanM
May 3, 2012, 2:17:54 PM5/3/12
to android-...@googlegroups.com
Thanks Glenn
Yeah I don't want to carry a copy of init.rc for a 2 LOC change.
I would really like to know if there was a way I could add a group to a service initialized by the init.rc in my platform.rc.
Something similar to chmod or chowm for kernel sysfs. Have something like a init directive i.e. addgroup <service name> <group>. So vendors can append groups to services
during service instantiation but not have to modify the base init.rc or carry a copy of it.
Now I am not sure what the security implications of this is.
Dan
Glenn Kasten
May 4, 2012, 10:28:59 AM5/4/12
to android-platform
init can only do what the kernel supports, and in this case that's
setgroups(2) at http://linux.die.net/man/2/setgroups
init runs as root, then when it needs to create service, forks a child
(which is still root) and the child then executes setuid() and
setgroups() etc. before execing the service.
It sounds like you're looking for a setgroups() which takes a pid
parameter to specify the target process, rather than current process.
I'm not aware of such an API. I think you're best bet is to arrange
that init creates the service initially with the right groups, using
one of the methods discussed earlier.
setgroups(2) at http://linux.die.net/man/2/setgroups
init runs as root, then when it needs to create service, forks a child
(which is still root) and the child then executes setuid() and
setgroups() etc. before execing the service.
It sounds like you're looking for a setgroups() which takes a pid
parameter to specify the target process, rather than current process.
I'm not aware of such an API. I think you're best bet is to arrange
that init creates the service initially with the right groups, using
one of the methods discussed earlier.
Reply all
Reply to author
Forward
0 new messages