Which xattr namespaces can a non-root user set on Android?

0

I know that it is not possible to set security.capabilities attributes without uid 0 or CAP_SETFCAP.

However, I could not find a complete list of which namespaces are allowed or which ones are not allowed.

    
by user2284570 14.04.2016 / 04:31

1 answer

1

This is documented in the xattr(7) manual page:

Extended attribute namespaces

[…] Currently, the security, system, trusted, and user extended attribute classes are defined as described below. Additional classes may be added in the future.

Extended security attributes

[…] Read and write access permissions to security attributes depend on the policy implemented for each security attribute by the security module. When no security module is loaded, all processes have read access to extended security attributes, and write access is limited to processes that have the CAP_SYS_ADMIN capability.

Extended system attributes

[…] Read and write access permissions to system attributes depend on the policy implemented for each system attribute implemented by filesystems in the kernel.

Trusted extended attributes

Trusted extended attributes are visible and accessible only to processes that have the CAP_SYS_ADMIN capability. Attributes in this class are used to implement mechanisms in user space (i.e., outside the kernel) which keep information in extended attributes to which ordinary processes should not have access.

Extended user attributes

[…] The access permissions for user attributes are defined by the file permission bits: read permission is required to retrieve the attribute value, and writer permission is required to change it.

    
by 14.04.2016 / 07:03
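
An added example, not part of the answer above or of the man page: a small C probe that tries to set one attribute in each of the four classes listed in xattr(7) on a file and reports, for the current uid, whether the kernel accepted the write. The attribute name `xattr_probe` and the function names `probe_namespace` and `explain` are invented for this example.

```c
/* Added example: probe which xattr namespaces this process may write. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/xattr.h>

/* The four classes named in xattr(7). */
static const char *const NAMESPACES[] = { "user", "trusted", "security", "system" };

/* Try to set "<ns>.xattr_probe" (a made-up attribute name) on path.
 * Returns 0 if the write was accepted, otherwise the errno from setxattr(2). */
int probe_namespace(const char *path, const char *ns) {
    char name[256];                       /* XATTR_NAME_MAX is 255 */
    int n = snprintf(name, sizeof name, "%s.xattr_probe", ns);
    if (n < 0 || (size_t)n >= sizeof name)
        return ENAMETOOLONG;
    if (setxattr(path, name, "1", 1, 0) != 0)
        return errno;
    removexattr(path, name);              /* clean up after a successful write */
    return 0;
}

/* Short label for the result codes this probe usually sees. */
const char *explain(int err) {
    switch (err) {
    case 0:       return "allowed";
    case EPERM:   return "denied (EPERM)";
    case EACCES:  return "denied (EACCES)";
    case ENOTSUP: return "not supported on this file or filesystem";
    default:      return strerror(err);
    }
}

int main(int argc, char **argv) {
    char tmpl[] = "./xattr_probe_XXXXXX";
    const char *path = argc > 1 ? argv[1] : NULL;
    int fd = -1;
    if (!path) {                          /* no path given: use a scratch file */
        if ((fd = mkstemp(tmpl)) < 0) { perror("mkstemp"); return 1; }
        path = tmpl;
    }
    printf("uid=%d file=%s\n", (int)getuid(), path);
    for (size_t i = 0; i < sizeof NAMESPACES / sizeof *NAMESPACES; i++) {
        int err = probe_namespace(path, NAMESPACES[i]);
        printf("%-9s %s\n", NAMESPACES[i], explain(err));
    }
    if (fd >= 0) { close(fd); unlink(tmpl); }
    return 0;
}
```

The result depends on the filesystem and on any loaded security module as well as on the uid, so run it on a file in the directory you care about.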