tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Harden /mnt/pass_through permission bits

Browse source 
It previously had 0755 permission bits

With such permissive bits, an unauthorized app can access a file using
the /mnt/pass_through path for instance even if access via /storage
would have been restricted.

It is now 0700

TODO: Change ACL for /mnt/user from 0755 to 0700 in vold only when
FUSE flag is on. Changing it with FUSE off breaks accessing /sdcard
because /sdcard is eventually a symlink to /mnt/user/0/primary

Test: adb shell ls -d /mnt/pass_through
Bug: 135341433
Change-Id: I3ea9655c6b8c6b4f847b34a2d3b96784a8f4a160
This commit is contained in:
Zim 2020-01-20 14:16:14 +00:00
parent f5a329f1a4
commit 6ca090e6b0
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
rootdir/init.rc
View file

@ -169,7 +169,7 @@ on init
mkdir /mnt/user/0/emulated/0 0755 root root
# Prepare directories for pass through processes
mkdir /mnt/pass_through 0755 root root
mkdir /mnt/pass_through 0700 root root
mkdir /mnt/pass_through/0 0755 root root
mkdir /mnt/pass_through/0/self 0755 root root
mkdir /mnt/pass_through/0/emulated 0755 root root