Which xattr namespaces can a non-root user set on Android?

628
user2284570

I know that it is impossible to set security.capabilities attributes without UID 0 or CAP_SETFCAP.

However, I could not find a complete list of which namespaces are allowed or which are forbidden.

0

1 answer

1
grawity

This is documented in the xattr(7) manual page:

Extended attribute namespaces

[…] Currently, the security, system, trusted, and user extended attribute classes are defined as described below. Additional classes may be added in the future.

Extended security attributes

[…] Read and write access permissions to security attributes depend on the policy implemented for each security attribute by the security module. When no security module is loaded, all processes have read access to extended security attributes, and write access is limited to processes that have the CAP_SYS_ADMIN capability.

Extended system attributes

[…] Read and write access permissions to system attributes depend on the policy implemented for each system attribute implemented by filesystems in the kernel.

Trusted extended attributes

Trusted extended attributes are visible and accessible only to processes that have the CAP_SYS_ADMIN capability. Attributes in this class are used to implement mechanisms in user space (i.e., outside the kernel) which keep information in extended attributes to which ordinary processes should not have access.

Extended user attributes

[…] The access permissions for user attributes are defined by the file permission bits: read permission is required to retrieve the attribute value, and writer permission is required to change it.

OK, let's narrow the answer down. I'm actually only interested in the ᴘᴄ versions of Android Marshmallow. user2284570 8 years ago 0
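The rules quoted from xattr(7) in the answer can be checked empirically for the current process. This is an added example, not part of the original question or answer: it tries to set one test attribute in each of the four namespaces on a scratch file and reports the kernel's verdict. The `.probe` attribute names and the function names are assumptions made for the illustration, and the result depends on the filesystem and on any loaded security module.

```python
import errno
import os
import tempfile

# The four classes defined in xattr(7); the ".probe" names are constructed.
NAMESPACES = ("user", "trusted", "security", "system")


def classify(err):
    """Map the errno from setxattr(2) to a verdict (None means success)."""
    if err is None:
        return "allowed"
    if err in (errno.EPERM, errno.EACCES):
        return "denied"
    if err in (errno.ENOTSUP, errno.EOPNOTSUPP):
        return "unsupported"  # filesystem has no handler for this name
    return "error:" + errno.errorcode.get(err, str(err))


def probe_file(path):
    """Try to set one test attribute per namespace on path."""
    results = {}
    for ns in NAMESPACES:
        name = ns + ".probe"
        if not hasattr(os, "setxattr"):  # Python build without xattr support
            results[ns] = "unsupported"
            continue
        try:
            os.setxattr(path, name, b"1")
        except OSError as exc:
            results[ns] = classify(exc.errno)
        else:
            os.removexattr(path, name)  # leave the scratch file clean
            results[ns] = classify(None)
    return results


def probe(directory=None):
    """Probe a scratch file created in directory (default: the temp dir)."""
    with tempfile.NamedTemporaryFile(dir=directory) as tmp:
        return probe_file(tmp.name)


if __name__ == "__main__":
    for ns, verdict in probe().items():
        print(f"{ns:<9} {verdict}")
```

Pass `probe()` a directory on the filesystem of interest, since support for each namespace differs between filesystems.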