| exe,euser,egroup,pidns,mntns,caps,nonewprivs,filter |
| |
| # This is a comma separated file listing services that run on the device and the |
| # expected security features that are enabled for it. |
| # |
| # Note: If you add a new service and it's being rejected because it's running as |
| # root, do not just whitelist it here. Services should rarely be running under |
| # the root account. Spend the time to improve the security of the system early |
| # rather than trying to retrofit it later (especially in response to an attack). |
| # |
| # The fields: |
| # exe: The name of the process in /proc/PID/comm (Note the 15 char limit). |
| # euser: The user the account runs under (e.g. "syslog"). |
| # egroup: The group the account runs under (e.g. "syslog"). |
| # pidns: Whether the process runs in a unique pid namespace (Yes|No). |
| # mntns: Whether the process runs in a unique mount namespace with |
| # pivot_root(2) (Yes|No). |
| # caps: Whether the process runs with restricted capabilities (Yes|No). |
| # nonewprivs: Whether the process runs with no_new_privs set (minijail's -n). |
| # filter: Whether the process runs with a seccomp filter (Yes|No). |
| # |
| # exe,euser,egroup are mandatory checks. All the other fields are opt-in. That |
| # is to say, a "No" setting means the check is skipped, while a "Yes" setting |
| # enforces the permission setting. |
| |
| # Since udev creates device nodes and changes owners/perms, it needs to run as |
| # root. TODO: We should namespace it. |
| udevd,root,root,No,No,No,No,No |
| |
| # Frecon needs to run as root and in the original namespace because it might |
| # launch new shells via login. Would be nice if it integrated things. |
| frecon,root,root,No,No,No,No,No |
| |
| session_manager,root,root,No,No,No,No,No |
| rsyslogd,syslog,syslog,No,Yes,Yes,No,No |
| systemd-journal,syslog,syslog,No,Yes,Yes,No,No |
| dbus-daemon,messagebus,messagebus,No,No,Yes,No,No |
| wpa_supplicant,wpa,wpa,No,No,Yes,Yes,No |
| shill,shill,shill,No,No,Yes,Yes,No |
| chapsd,chaps,chronos-access,No,No,Yes,Yes,No |
| cryptohomed,root,root,No,No,No,No,No |
| powerd,power,power,No,No,Yes,No,No |
| ModemManager,modem,modem,No,No,Yes,Yes,No |
| dhcpcd,dhcp,dhcp,No,No,Yes,No,No |
| memd,root,root,Yes,Yes,No,Yes,Yes |
| metrics_daemon,root,root,No,No,No,No,No |
| disks,cros-disks,cros-disks,No,No,Yes,Yes,No |
| update_engine,root,root,No,No,No,No,No |
| bluetoothd,bluetooth,bluetooth,No,No,Yes,Yes,No |
| debugd,root,root,No,Yes,No,No,No |
| cras,cras,cras,No,Yes,Yes,Yes,No |
| tcsd,tss,tss,No,No,Yes,No,No |
| cromo,cromo,cromo,No,No,No,No,No |
| wimax-manager,root,root,No,No,No,No,No |
| mtpd,mtp,mtp,Yes,Yes,Yes,Yes,Yes |
| tlsdated,tlsdate,tlsdate,No,No,Yes,No,No |
| tlsdated-setter,root,root,No,No,No,Yes,Yes |
| lid_touchpad_he,root,root,No,No,No,No,No |
| thermal.sh,root,root,No,No,No,No,No |
| daisydog,watchdog,watchdog,Yes,Yes,Yes,Yes,No |
| permission_brok,devbroker,root,No,No,Yes,Yes,No |
| netfilter-queue,nfqueue,nfqueue,No,No,Yes,No,Yes |
| anomaly_detecto,root,root,No,No,No,No,No |
| attestationd,attestation,attestation,No,No,Yes,Yes,Yes |
| periodic_schedu,root,root,No,No,No,No,No |
| esif_ufd,root,root,No,No,No,No,No |
| easy_unlock,easy-unlock,easy-unlock,No,No,No,No,No |
| sslh-fork,sslh,sslh,Yes,Yes,Yes,No,Yes |
| upstart-socket-,root,root,No,No,No,No,No |
| timberslide,root,root,No,No,No,No,No |
| firewalld,firewall,firewall,Yes,Yes,Yes,Yes,No |
| conntrackd,nfqueue,nfqueue,No,Yes,Yes,Yes,Yes |
| avahi-daemon,avahi,avahi,No,No,Yes,No,No |
| upstart-udev-br,root,root,No,No,No,No,No |
| midis,midis,midis,Yes,Yes,Yes,Yes,Yes |
| |
| # Biometrics services. |
| bio_crypto_init,biod,biod,Yes,Yes,Yes,Yes,Yes |
| biod,biod,biod,Yes,Yes,Yes,Yes,Yes |
| |
| # Chrome OS camera services. |
| cros_camera_service,arc-camera,arc-camera,Yes,Yes,Yes,Yes,Yes |
| cros_camera_algo,arc-camera,arc-camera,Yes,Yes,Yes,Yes,Yes |
| |
| # ARC-related services running on Chrome OS. |
| arc_camera_serv,arc-camera,arc-camera,No,No,Yes,No,No |
| arc-networkd,root,root,No,No,No,No,No |
| arc-obb-mounter,root,root,Yes,Yes,No,No,No |
| arc-oemcrypto,arc-oemcrypto,arc-oemcrypto,Yes,Yes,Yes,Yes,Yes |
| |
| # Broadcomm Bluetooth firmware patch downloader runs on some veyron boards. |
| brcm_patchram_p,root,root,No,No,No,No,No |
| |
| # tpm_managerd and trunks run on all TPM2 boards, such as reef. |
| tpm_managerd,root,root,No,No,No,No,No |
| trunksd,trunks,trunks,No,No,Yes,Yes,Yes |
| |
| # ARC container. |
| # root inside the ARC container. |
| app_process,android-root,android-root,Yes,Yes,No,No,No |
| debuggerd,android-root,android-root,Yes,Yes,No,No,No |
| debuggerd:sig,android-root,android-root,Yes,Yes,No,No,No |
| healthd,android-root,android-root,Yes,Yes,No,No,No |
| vold,android-root,android-root,Yes,Yes,No,No,No |
| |
| # Non-root inside the ARC container. |
| boot_latch,656360,656360,Yes,Yes,Yes,No,No |
| bugreportd,657360,656367,Yes,Yes,Yes,No,No |
| logd,656396,656396,Yes,Yes,Yes,No,No |
| servicemanager,656360,656360,Yes,Yes,Yes,No,No |
| surfaceflinger,656360,656363,Yes,Yes,Yes,No,No |
| |
| # Chrome OS one-off init scripts. |
| # These are small setup scripts that don't spawn daemons and are short lived. |
| activate_date.s,root,root,No,No,No,No,No |
| crx-import.sh,root,root,No,No,No,No,No |
| lockbox-cache.s,root,root,No,No,No,No,No |
| powerd-pre-star,root,root,No,No,No,No,No |