init.rc: Lock down access to /proc/net/fib_trie

Make /proc/net/fib_trie only readable to root. Bug: 31269937 Test: Device boots, file has appropriate permissions. Change-Id: I0d01ce5c043d576344a6732b0b9ff93d62fcaa34
2017-08-25 12:55:52 -07:00 · 2017-08-25 12:55:52 -07:00 · 15ffc53f6d
commit 15ffc53f6d
parent 3094de9684
1 changed files with 3 additions and 0 deletions
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@ -148,6 +148,9 @@ on init
    write /proc/sys/net/ipv4/conf/all/accept_redirects 0
    write /proc/sys/net/ipv6/conf/all/accept_redirects 0

+    # /proc/net/fib_trie leaks interface IP addresses
+    chmod 0400 /proc/net/fib_trie
+
    # Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu