diff options
author | James Dong <jdong@google.com> | 2012-01-06 15:19:26 -0800 |
---|---|---|
committer | James Dong <jdong@google.com> | 2012-01-06 15:20:20 -0800 |
commit | 09cdc0ea12598651d1c074974c9b593fd1c0e4ba (patch) | |
tree | acfcbceaa8b8b198ff359bb8f836dd4a512c57d3 /rootdir | |
parent | 7cd3e0a3a2f9b104cd6c04f699ae62c4577787e2 (diff) | |
download | system_core-09cdc0ea12598651d1c074974c9b593fd1c0e4ba.zip system_core-09cdc0ea12598651d1c074974c9b593fd1c0e4ba.tar.gz system_core-09cdc0ea12598651d1c074974c9b593fd1c0e4ba.tar.bz2 |
Close a security hole - do not give world readable/writable access to /data/drm
o related-to-bug: 5834297
Change-Id: I8e459610b4f69999be37364c2359b2bac82d4a2a
Diffstat (limited to 'rootdir')
-rw-r--r-- | rootdir/init.rc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc index 145f642..cad4cd8 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -175,8 +175,9 @@ on post-fs-data # create the lost+found directories, so as to enforce our permissions mkdir /data/lost+found 0770 root root - # create directory for DRM plug-ins - mkdir /data/drm 0774 drm drm + # create directory for DRM plug-ins - give drm the read/write access to + # the following directory. + mkdir /data/drm 0770 drm drm # If there is no fs-post-data action in the init.<device>.rc file, you # must uncomment this line, otherwise encrypted filesystems |