Don't use GID-based capabilities for 'apmanager'.
The two daemons launched by 'apmanager', 'hostapd' and 'dnsmasq',
already use file capabilities. This means groups |net_admin| and
|net_raw| are not needed.
Group |inet| is needed for now because current kernels enable Android
paranoid networking settings. Once that setting is removed, the group
will not be needed anymore but will also be harmless.
Bug: 27548062
Change-Id: Ic91cc4d989f4e6961cd54428ce004b17e291b085
diff --git a/apmanager.rc b/apmanager.rc
index b373d57..61902e2 100644
--- a/apmanager.rc
+++ b/apmanager.rc
@@ -6,7 +6,7 @@
service apmanager /system/bin/apmanager
class late_start
user system
- group system dbus net_admin net_raw
+ group system dbus inet
disabled
on property:wifi-setup.complete=1