platform_system_core/fs_mgr
Nick Kralevich e18c0d508a fs_mgr: make block devices read-only
When a filesystem is mounted read-only, make the underlying
block device read-only too. This helps prevent an attacker
who is able to change permissions on the files in /dev
(for example, symlink attack) from modifying the block device.

In particular, this change would have stopped the LG Thrill / Optimus
3D rooting exploit
(http://vulnfactory.org/blog/2012/02/26/rooting-the-lg-thrill-optimus-3d/)
as that exploit modified the raw block device corresponding to /system.

This change also makes UID=0 less powerful. Block devices cannot
be made writable again without CAP_SYS_ADMIN, so an escalation
to UID=0 by itself doesn't give full root access.

adb/mount: Prior to mounting something read-write, remove the
read-only restrictions on the underlying block device. This avoids
messing up developer workflows.

Change-Id: I135098a8fe06f327336f045aab0d48ed9de33807
2013-04-24 08:53:26 -07:00
..
include fs_mgr: support a unified fstab format. 2013-02-19 10:18:42 -08:00
Android.mk Include liblog in fs_mgr to fix the build. 2013-04-15 12:33:17 -07:00
fs_mgr.c fs_mgr: make block devices read-only 2013-04-24 08:53:26 -07:00
fs_mgr_main.c fs_mgr: support a unified fstab format. 2013-02-19 10:18:42 -08:00
fs_mgr_priv.h fs_mgr: add support for new recoveryonly flag 2013-02-22 17:40:58 -08:00