Ubuntu
lxc-android-config package

Merge lp:~xnox/ubuntu/trusty/lxc-android-config/add-generic-rules into lp:ubuntu/trusty/lxc-android-config

  1. Trusty (14.04)
  2. add-generic-rules
  3. Merge into trusty
Proposed by Dimitri John Ledkov
Status: Merged
Merge reported by: Dimitri John Ledkov
Merged at revision: not available
Proposed branch: lp:~xnox/ubuntu/trusty/lxc-android-config/add-generic-rules
Merge into: lp:ubuntu/trusty/lxc-android-config
Diff against target: 22 lines (+10/-0)
2 files modified
debian/changelog (+6/-0)
usr/lib/lxc-android-config/70-generic.rules (+4/-0)
To merge this branch: bzr merge lp:~xnox/ubuntu/trusty/lxc-android-config/add-generic-rules
Reviewer Review Type Date Requested Status
Martin Pitt Needs Fixing
Oliver Grawert Pending
Loïc Minier Pending
Review via email: mp+192331@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Martin Pitt (pitti) wrote :

What's the purpose of setting owner and group if the permissions are 666 anyway? Is there any way the permissions could be made to not be world-writable, especially for the ttyS*? What do the qemu_* devices do, are these potentially security/robustness relevant?

review: Needs Fixing
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

On 13 November 2013 08:00, Martin Pitt <email address hidden> wrote:
> Review: Needs Fixing
>
> What's the purpose of setting owner and group if the permissions are 666 anyway? Is there any way the permissions could be made to not be world-writable, especially for the ttyS*? What do the qemu_* devices do, are these potentially security/robustness relevant?

Well, that's just copy/paste what's done on stock android. Indeed
having them non world-writable would be better, not sure what will
break. qemu_* devices communicate with qemu devices (hypervisor?) and
host OS (adb). Not sure how the attack vector would look like, given
that it is emulator. I'll open a bug to limit the permissions on
these. Since this branch is merged already.

Regards,

Dmitrijs.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

opened bug: https://bugs.launchpad.net/ubuntu/+source/lxc-android-config/+bug/1250769

Revision history for this message
Oliver Grawert (ogra) wrote :

I think we should try to restrict them once we have the emulator going. To make it work it seems to be better to use what the android side uses in a first iteration though ...

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2013-10-22 21:08:25 +0000
3+++ debian/changelog 2013-10-23 13:18:56 +0000
4@@ -1,3 +1,9 @@
5+lxc-android-config (0.118) UNRELEASED; urgency=low
6+
7+ * Add udev rules for generic goldfish emulator.
8+
9+ -- Dmitrijs Ledkovs <xnox@ubuntu.com> Wed, 23 Oct 2013 14:17:48 +0100
10+
11 lxc-android-config (0.117) trusty; urgency=low
12
13 * Use Mir on the goldfish emulator as well; we definitely don't care about
14
15=== added file 'usr/lib/lxc-android-config/70-generic.rules'
16--- usr/lib/lxc-android-config/70-generic.rules 1970-01-01 00:00:00 +0000
17+++ usr/lib/lxc-android-config/70-generic.rules 2013-10-23 13:18:56 +0000
18@@ -0,0 +1,4 @@
19+# Rules for goldfish qemu emulator
20+ACTION=="add", KERNEL=="qemu_trace", OWNER="system", GROUP="system", MODE="0666"
21+ACTION=="add", KERNEL=="qemu_pipe", OWNER="system", GROUP="system", MODE="0666"
22+ACTION=="add", KERNEL=="ttyS*", OWNER="system", GROUP="system", MODE="0666"

Subscribers

People subscribed via source and target branches