exe,euser,egroup,pidns,caps,nonewprivs,filter

# This is a comma separated file listing services that run on the device and the
# expected security features that are enabled for it.
#
# Note: If you add a new service and it's being rejected because it's running as
# root, do not just whitelist it here. Services should rarely be running under
# the root account. Spend the time to improve the security of the system early
# rather than trying to retrofit it later (especially in response to an attack).
#
# The fields:
#   exe: The name of the process in /proc/PID/comm (Note the 15 char limit).
#   euser: The user the account runs under (e.g. "syslog").
#   egroup: The group the account runs under (e.g. "syslog").
#   pidns: Whether the process runs in a unique pid namespace (Yes|No).
#   caps: Whether the process runs with restricted capabilities (Yes|No).
#   nonewprivs: Whether the process runs with no_new_privs set (minijail's -n).
#   filter: Whether the process runs with a seccomp filter (Yes|No).
#
# exe,euser,egroup are mandatory checks. All the other fields are opt-in. That
# is to say, a "No" setting means the check is skipped, while a "Yes" setting
# enforces the permission setting.

# Since udev creates device nodes and changes owners/perms, it needs to run as
# root. TODO: We should namespace it.
udevd,root,root,No,No,No,No

# Frecon needs to run as root and in the original namespace because it might
# launch new shells via login. Would be nice if it integrated things.
frecon,root,root,No,No,No,No

session_manager,root,root,No,No,No,No
rsyslogd,syslog,syslog,No,Yes,No,No
dbus-daemon,messagebus,messagebus,No,Yes,No,No
wpa_supplicant,wpa,wpa,No,Yes,Yes,No
shill,root,root,No,No,No,No
chapsd,chaps,chronos-access,No,Yes,Yes,No
cryptohomed,root,root,No,No,No,No
powerd,power,power,No,Yes,No,No
ModemManager,modem,modem,No,Yes,Yes,No
dhcpcd,dhcp,dhcp,No,Yes,No,No
metrics_daemon,root,root,No,No,No,No
disks,cros-disks,cros-disks,No,Yes,Yes,No
update_engine,root,root,No,No,No,No
bluetoothd,bluetooth,bluetooth,No,Yes,Yes,No
debugd,root,root,No,No,No,No
cras,cras,cras,No,Yes,Yes,No
tcsd,tss,root,No,Yes,No,No
cromo,cromo,cromo,No,No,No,No
wimax-manager,root,root,No,No,No,No
mtpd,mtp,mtp,No,Yes,Yes,Yes
tlsdated,tlsdate,tlsdate,No,Yes,No,No
tlsdated-setter,root,root,No,No,Yes,Yes
lid_touchpad_he,root,root,No,No,No,No
thermal.sh,root,root,No,No,No,No
daisydog,watchdog,watchdog,Yes,Yes,Yes,No
permission_brok,devbroker,root,No,Yes,Yes,No
netfilter-queue,nfqueue,nfqueue,No,Yes,No,Yes
anomaly_collect,root,root,No,No,No,No
attestationd,attestation,attestation,No,No,No,No
periodic_schedu,root,root,No,No,No,No
esif_ufd,root,root,No,No,No,No
easy_unlock,easy-unlock,easy-unlock,No,No,No,No
sslh-fork,sslh,sslh,Yes,Yes,No,Yes
upstart-socket-,root,root,No,No,No,No
timberslide,root,root,No,No,No,No
firewalld,firewall,firewall,Yes,Yes,Yes,No
conntrackd,nfqueue,nfqueue,No,Yes,Yes,Yes
avahi-daemon,avahi,avahi,No,Yes,No,No
upstart-udev-br,root,root,No,No,No,No
midis,midis,midis,Yes,Yes,Yes,Yes

# ARC-related services running on Chrome OS.
# exe,euser,egroup,pidns,caps,nonewprivs,filter
arc_camera_serv,arc-camera,arc-camera,No,Yes,No,No
arc_camera3_ser,arc-camera,arc-camera,Yes,Yes,Yes,Yes
arc_camera_algo,arc-camera,arc-camera,Yes,Yes,Yes,Yes
arc-networkd,root,root,No,No,No,No
arc-obb-mounter,root,root,Yes,No,No,No
arc-oemcrypto,arc-oemcrypto,arc-oemcrypto,Yes,Yes,Yes,Yes

# Broadcom Bluetooth firmware patch downloader runs on some veyron boards.
brcm_patchram_p,root,root,No,No,No,No

# tpm_managerd and trunks run on all TPM2 boards, such as reef.
tpm_managerd,root,root,No,No,No,No
trunksd,trunks,trunks,No,Yes,Yes,Yes

# ARC container.
# root inside the ARC container.
app_process,android-root,android-root,Yes,No,No,No
debuggerd,android-root,android-root,Yes,No,No,No
debuggerd:sig,android-root,android-root,Yes,No,No,No
healthd,android-root,android-root,Yes,No,No,No
vold,android-root,android-root,Yes,No,No,No

# Non-root inside the ARC container.
boot_latch,656360,656360,Yes,Yes,No,No
bugreportd,657360,656367,Yes,Yes,No,No
logd,656396,656396,Yes,Yes,No,No
servicemanager,656360,656360,Yes,Yes,No,No
surfaceflinger,656360,656363,Yes,Yes,No,No