authorJeff Sharkey <jsharkey@android.com>2015-08-06 19:35:56 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-08-06 19:35:56 +0000
commit779a38a5cd8dab1741ae4a45907bfdf0449bd546 (patch)
treedd8838bbe037cddb468bce967876e48dd65b08a5 /rootdir
parentd3a5e857e4f6cb13d1c1f067c6faa0f5ba957318 (diff)
parentb9f438ff841f87c8ffbca85b13a533718a18e15f (diff)
am b9f438ff: Protect runtime storage mount points.
* commit 'b9f438ff841f87c8ffbca85b13a533718a18e15f': Protect runtime storage mount points.
Diffstat (limited to 'rootdir')
-rw-r--r--rootdir/init.rc17
1 files changed, 9 insertions, 8 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index a4e31a9..de143b7 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -69,16 +69,17 @@ on init
# Storage views to support runtime permissions
mkdir /storage 0755 root root
- mkdir /mnt/runtime_default 0755 root root
- mkdir /mnt/runtime_default/self 0755 root root
- mkdir /mnt/runtime_read 0755 root root
- mkdir /mnt/runtime_read/self 0755 root root
- mkdir /mnt/runtime_write 0755 root root
- mkdir /mnt/runtime_write/self 0755 root root
+ mkdir /mnt/runtime 0700 root root
+ mkdir /mnt/runtime/default 0755 root root
+ mkdir /mnt/runtime/default/self 0755 root root
+ mkdir /mnt/runtime/read 0755 root root
+ mkdir /mnt/runtime/read/self 0755 root root
+ mkdir /mnt/runtime/write 0755 root root
+ mkdir /mnt/runtime/write/self 0755 root root
# Symlink to keep legacy apps working in multi-user world
symlink /storage/self/primary /sdcard
- symlink /mnt/user/0/primary /mnt/runtime_default/self/primary
+ symlink /mnt/user/0/primary /mnt/runtime/default/self/primary
# memory control cgroup
mkdir /dev/memcg 0700 root system
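Review bot: The added `mkdir /mnt/runtime 0700 root root` line is the only thing that restricts traversal into the default, read and write views, yet nothing in the hunk explains why the parent is 0700 while every child stays 0755. A later cleanup that aligns the parent with its children would presumably undo the protection without any visible sign, so I would put a comment directly above it, for example `# Parent is root-only (0700) on purpose: non-root processes must reach a storage view only through the bind mount at /storage`. It is also worth confirming that every other consumer of the old `/mnt/runtime_default`, `/mnt/runtime_read` and `/mnt/runtime_write` paths moves in the same change, since the diffstat shown here is limited to rootdir/. The `on init` section starts and ends outside this hunk.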
@@ -230,7 +231,7 @@ on post-fs
# Mount shared so changes propagate into child namespaces
mount rootfs rootfs / shared rec
# Mount default storage into root namespace
- mount none /mnt/runtime_default /storage slave bind rec
+ mount none /mnt/runtime/default /storage slave bind rec
# We chown/chmod /cache again so because mount is run as root + defaults
chown system cache /cache