Restrict zygote to system user.

CVE-2011-3918: Address denial of service attack against Android's zygote process. This change enforces that only UID=system can directly connect to zygote to spawn processes. Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067
author: Nick Kralevich <nnk@google.com> 2012-01-27 13:06:53 -0800
committer: Nick Kralevich <nnk@google.com> 2012-04-27 14:18:02 -0700
commit: 25dd43a9a5073f0e59102750cb0410b8e9bc9847 (patch)
tree: 40a30dab41a4879b4282151dac6d893dfca91e1e /rootdir
parent: a02ff986fc0fe5543bb2168814eee04eac8ef579 (diff)
download: system_core-25dd43a9a5073f0e59102750cb0410b8e9bc9847.zip
system_core-25dd43a9a5073f0e59102750cb0410b8e9bc9847.tar.gz
system_core-25dd43a9a5073f0e59102750cb0410b8e9bc9847.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 28cd26c..236c97b 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -414,7 +414,7 @@ service surfaceflinger /system/bin/surfaceflinger
 
 service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
     class main
-    socket zygote stream 666
+    socket zygote stream 660 root system
     onrestart write /sys/android_power/request_state wake
     onrestart write /sys/power/state on
     onrestart restart media
author	Nick Kralevich <nnk@google.com>	2012-01-27 13:06:53 -0800
committer	Nick Kralevich <nnk@google.com>	2012-04-27 14:18:02 -0700
commit	25dd43a9a5073f0e59102750cb0410b8e9bc9847 (patch)
tree	40a30dab41a4879b4282151dac6d893dfca91e1e /rootdir
parent	a02ff986fc0fe5543bb2168814eee04eac8ef579 (diff)
download	system_core-25dd43a9a5073f0e59102750cb0410b8e9bc9847.zip system_core-25dd43a9a5073f0e59102750cb0410b8e9bc9847.tar.gz system_core-25dd43a9a5073f0e59102750cb0410b8e9bc9847.tar.bz2