summaryrefslogtreecommitdiffstats
path: root/rootdir
diff options
context:
space:
mode:
authorJames Dong <jdong@google.com>2012-01-06 15:19:26 -0800
committerJames Dong <jdong@google.com>2012-01-06 15:20:20 -0800
commit09cdc0ea12598651d1c074974c9b593fd1c0e4ba (patch)
treeacfcbceaa8b8b198ff359bb8f836dd4a512c57d3 /rootdir
parent7cd3e0a3a2f9b104cd6c04f699ae62c4577787e2 (diff)
downloadsystem_core-09cdc0ea12598651d1c074974c9b593fd1c0e4ba.zip
system_core-09cdc0ea12598651d1c074974c9b593fd1c0e4ba.tar.gz
system_core-09cdc0ea12598651d1c074974c9b593fd1c0e4ba.tar.bz2
Close a security hole - do not give world readable/writable access to /data/drm
o related-to-bug: 5834297 Change-Id: I8e459610b4f69999be37364c2359b2bac82d4a2a
Diffstat (limited to 'rootdir')
-rw-r--r--rootdir/init.rc5
1 files changed, 3 insertions, 2 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 145f642..cad4cd8 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -175,8 +175,9 @@ on post-fs-data
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770 root root
- # create directory for DRM plug-ins
- mkdir /data/drm 0774 drm drm
+ # create directory for DRM plug-ins - give drm the read/write access to
+ # the following directory.
+ mkdir /data/drm 0770 drm drm
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems