From 5f9fa904255dd384481c74f04bb9034b9702f29b Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Fri, 16 Dec 2016 14:52:35 -0800
Subject: [PATCH] fs_config.c: make *.prop files 0600
Enforce that the only API for reading properties is through the property server, not by reading the (system|vendor|rootfs) *.prop files.
Test: Device boots and no property errors.
Change-Id: Ibb6ed4e74a80cac00010c707d7574f8e92fc6448
---
 libcutils/fs_config.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/libcutils/fs_config.c b/libcutils/fs_config.c
index 032e36195..6155d1693 100644
--- a/libcutils/fs_config.c
+++ b/libcutils/fs_config.c
@@ -188,6 +188,9 @@ static const struct fs_path_config android_files[] = {
 { 00750, AID_ROOT, AID_SHELL, 0, "init*" },
 { 00750, AID_ROOT, AID_SHELL, 0, "sbin/fs_mgr" },
 { 00640, AID_ROOT, AID_SHELL, 0, "fstab.*" },
+ { 00600, AID_ROOT, AID_ROOT, 0, "system/build.prop" },
+ { 00600, AID_ROOT, AID_ROOT, 0, "vendor/build.prop" },
+ { 00600, AID_ROOT, AID_ROOT, 0, "default.prop" },
 { 00644, AID_ROOT, AID_ROOT, 0, 0 },
 };
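Review bot: The three added entries name exact paths, so any property file not listed here still falls through to the `{ 00644, AID_ROOT, AID_ROOT, 0, 0 }` catch-all at the end of `android_files[]` and stays world-readable, even though the subject line speaks of `*.prop` files in general. A comment above the new rows would make that maintenance rule explicit, for example `/* Property files are root-only; clients must use the property server. Every shipped *.prop file needs its own row here, otherwise it gets the 0644 default. */`. The Test: line only shows that the device boots; a check that an unprivileged process is refused when opening these three files would pin the intended restriction. The table starts before this hunk, so whether earlier rows already match any of these paths cannot be seen from here.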