author: Jeff Sharkey <jsharkey@android.com> 2015-08-06 11:39:44 -0700
committer: Jeff Sharkey <jsharkey@android.com> 2015-08-06 11:45:31 -0700
commit: b9f438ff841f87c8ffbca85b13a533718a18e15f (patch)
tree: 7705d99d1e1bcb8573f53c9f0adebbf5df125564 /rootdir
parent: d57125af1a81f34b162ecd5de81e6f1365aff588 (diff)
Protect runtime storage mount points.

We have a bunch of magic that mounts the correct view of storage access based on the runtime permissions of an app, but we forgot to protect the real underlying data sources; oops. This series of changes just bumps the directory hierarchy one level to give us /mnt/runtime which we can mask off as 0700 to prevent people from jumping to the exposed internals. Also add CTS tests to verify that we're protecting access to internal mount points like this.

Bug: 22964288
Change-Id: I32068e63a3362b37e8ebca1418f900bb8537b498
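As an added illustration, not part of this commit or of system/core, the script below builds both sides of the init.rc change (the old flat /mnt/runtime_* directories and the new /mnt/runtime tree) in scratch directories with the exact modes from the mkdir lines, then walks the path to the default view one component at a time applying only the DAC search-bit rule. It shows which directory stops an unprivileged uid in each layout, which is the property the commit message says the CTS tests check. Ownership is modelled as root:root rather than applied with chown so the script runs unprivileged; the app uid 10123 is an assumed value; SELinux labels and mount namespaces, which also matter on a device, are deliberately out of scope.

```python
import os
import stat
import tempfile

# Constructed layouts copied from the two sides of the init.rc hunk: (relative path, mode).
# Ownership is modelled as root:root (uid 0, gid 0) for every directory, as the mkdir
# lines set it, instead of being applied with chown, so this runs unprivileged and
# only DAC mode bits are considered; SELinux and mount namespaces are not modelled.
OLD_LAYOUT = [
    ("mnt", 0o755),
    ("mnt/runtime_default", 0o755), ("mnt/runtime_default/self", 0o755),
    ("mnt/runtime_read", 0o755), ("mnt/runtime_read/self", 0o755),
    ("mnt/runtime_write", 0o755), ("mnt/runtime_write/self", 0o755),
]
NEW_LAYOUT = [
    ("mnt", 0o755),
    ("mnt/runtime", 0o700),
    ("mnt/runtime/default", 0o755), ("mnt/runtime/default/self", 0o755),
    ("mnt/runtime/read", 0o755), ("mnt/runtime/read/self", 0o755),
    ("mnt/runtime/write", 0o755), ("mnt/runtime/write/self", 0o755),
]
OWNER_UID, OWNER_GID = 0, 0          # "root root" in every mkdir line
APP_UID = APP_GID = 10123            # assumed: an ordinary app uid, not from the page


def build(root, layout):
    """Create the tree under root with the exact modes from the layout.
    chmod after mkdir so the process umask cannot alter the requested bits."""
    for rel, mode in layout:
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)


def may_search(mode, uid, gid):
    """Plain DAC rule for the search (x) bit of a directory owned by OWNER_UID:OWNER_GID."""
    if uid == OWNER_UID:
        return bool(mode & stat.S_IXUSR)
    if gid == OWNER_GID:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def first_blocking_component(root, rel, uid, gid):
    """Walk rel one component at a time and return the first ancestor directory
    that denies search to uid/gid, or None if uid/gid can reach rel.
    uid 0 bypasses DAC (CAP_DAC_READ_SEARCH), so it is never blocked."""
    if uid == 0:
        return None
    parts = rel.split("/")
    for depth in range(1, len(parts)):
        ancestor = "/".join(parts[:depth])
        mode = stat.S_IMODE(os.stat(os.path.join(root, ancestor)).st_mode)
        if not may_search(mode, uid, gid):
            return ancestor
    return None


def compare_layouts():
    """Build both trees in scratch directories and report where an app uid is
    stopped on its way to the default storage view, before and after the change."""
    results = {}
    for name, layout, target in (
        ("old", OLD_LAYOUT, "mnt/runtime_default/self"),
        ("new", NEW_LAYOUT, "mnt/runtime/default/self"),
    ):
        with tempfile.TemporaryDirectory() as root:
            build(root, layout)
            results[name] = {
                "app_blocked_at": first_blocking_component(root, target, APP_UID, APP_GID),
                "root_blocked_at": first_blocking_component(root, target, 0, 0),
            }
    return results


if __name__ == "__main__":
    for name, r in compare_layouts().items():
        print(f"{name}: app blocked at {r['app_blocked_at']!r}, "
              f"root blocked at {r['root_blocked_at']!r}")
```

Running it reports that the old layout lets the app uid walk all the way to `mnt/runtime_default/self`, while the new layout stops it at `mnt/runtime`; root is never blocked in either. The same walk applied to /storage (0755 in the hunk) would succeed, which is the intended behaviour: the default view is re-exposed there by the bind mount in `on post-fs`, and the 0700 parent only hides the raw tree and the read/write views.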
Diffstat (limited to 'rootdir')
-rw-r--r--  rootdir/init.rc  17
1 file changed, 9 insertions, 8 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 9019b1f..b71908c 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -69,16 +69,17 @@ on init
# Storage views to support runtime permissions
mkdir /storage 0755 root root
- mkdir /mnt/runtime_default 0755 root root
- mkdir /mnt/runtime_default/self 0755 root root
- mkdir /mnt/runtime_read 0755 root root
- mkdir /mnt/runtime_read/self 0755 root root
- mkdir /mnt/runtime_write 0755 root root
- mkdir /mnt/runtime_write/self 0755 root root
+ mkdir /mnt/runtime 0700 root root
+ mkdir /mnt/runtime/default 0755 root root
+ mkdir /mnt/runtime/default/self 0755 root root
+ mkdir /mnt/runtime/read 0755 root root
+ mkdir /mnt/runtime/read/self 0755 root root
+ mkdir /mnt/runtime/write 0755 root root
+ mkdir /mnt/runtime/write/self 0755 root root
# Symlink to keep legacy apps working in multi-user world
symlink /storage/self/primary /sdcard
- symlink /mnt/user/0/primary /mnt/runtime_default/self/primary
+ symlink /mnt/user/0/primary /mnt/runtime/default/self/primary
# memory control cgroup
mkdir /dev/memcg 0700 root system
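Review bot: the 0700 on `+ mkdir /mnt/runtime 0700 root root` gates only path traversal for non-root processes; the default/read/write children keep 0755 and become reachable again wherever they are bind-mounted (the post-fs mount of /mnt/runtime/default onto /storage later in this file), so the protection holds only as long as nothing else bind-mounts or symlinks the read/ and write/ views into an app-visible path. The comment above the block ("Storage views to support runtime permissions") should state that /mnt/runtime is intentionally 0700, so the mode is not "fixed" back to 0755 by a later cleanup. Separately, `+ symlink /mnt/user/0/primary /mnt/runtime/default/self/primary` is created only for the default view and not for read/self or write/self; if that asymmetry is intended, a one-line comment would save the next reader from asking.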
@@ -216,7 +217,7 @@ on post-fs
# Mount shared so changes propagate into child namespaces
mount rootfs rootfs / shared rec
# Mount default storage into root namespace
- mount none /mnt/runtime_default /storage slave bind rec
+ mount none /mnt/runtime/default /storage slave bind rec
# We chown/chmod /cache again so because mount is run as root + defaults
chown system cache /cache
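Review bot: `+ mount none /mnt/runtime/default /storage slave bind rec` re-exposes the default view under /storage, which is 0755 (created in `on init`), so the 0700 on /mnt/runtime hides the raw tree and the read/ and write/ views but not the default view's data; that is the intended app-facing path and worth saying in the comment "Mount default storage into root namespace". The comment could also note that `slave` is what makes later mounts placed under /mnt/runtime/default propagate into /storage while nothing mounted under /storage propagates back, since the rename alone does not make the propagation direction obvious.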