| Field | Value | Date |
|---|---|---|
| author | Nick Kralevich <nnk@google.com> | 2012-03-26 09:09:11 -0700 |
| committer | Nick Kralevich <nnk@google.com> | 2012-04-02 14:11:07 -0700 |
| commit | 6ebf12fe1bc2de7af4522349973e8bfcc71d6126 (patch) | |
| tree | 72ef777aa15fbe3cb0b34dcf77f66026e5ed2efb /init | |
| parent | eb68fa8153d97f5f8b6d9062fcf91fe393e3bff3 (diff) | |
| download | system_core-6ebf12fe1bc2de7af4522349973e8bfcc71d6126.tar.gz, system_core-6ebf12fe1bc2de7af4522349973e8bfcc71d6126.tar.bz2, system_core-6ebf12fe1bc2de7af4522349973e8bfcc71d6126.zip | |
init: Change umask of forked processes to 077
Modify init to set the umask to 077 when forking processes.
This helps protect against inadvertent information disclosure
in init's child processes.
ueventd: Keep umask at 000. uevent needs to be able to
create device nodes with exactly the permissions it
indicates.
Testing:
1) Do an "ls -lR /data /dev" on the device before and after
the umask change and diff the output. Verified by hand
that the permission change wouldn't cause any problems.
2) Verify that package installation works, and the permissions
are as expected, when installing a program from market and
"adb install".
Bug: 3272072
Change-Id: Ie4f7f06c0ee9da8d9b6fce25d71d8991a9bce406
Diffstat (limited to 'init')
| Mode | File | Lines changed |
|---|---|---|
| -rwxr-xr-x | init/init.c | 1 |
| -rw-r--r-- | init/ueventd.c | 17 |
2 files changed, 13 insertions, 5 deletions
diff --git a/init/init.c b/init/init.c index 5458e347..483544ae 100755 --- a/init/init.c +++ b/init/init.c @@ -240,6 +240,7 @@ void service_start(struct service *svc, const char *dynamic_args) char tmp[32]; int fd, sz; + umask(077); if (properties_inited()) { get_property_workspace(&fd, &sz); sprintf(tmp, "%d,%d", dup(fd), sz); diff --git a/init/ueventd.c b/init/ueventd.c index ecf3b9be..a89e0677 100644 --- a/init/ueventd.c +++ b/init/ueventd.c @@ -53,11 +53,18 @@ int ueventd_main(int argc, char **argv) int nr; char tmp[32]; - /* Prevent fire-and-forget children from becoming zombies. - * If we should need to wait() for some children in the future - * (as opposed to none right now), double-forking here instead - * of ignoring SIGCHLD may be the better solution. - */ + /* + * init sets the umask to 077 for forked processes. We need to + * create files with exact permissions, without modification by + * the umask. + */ + umask(000); + + /* Prevent fire-and-forget children from becoming zombies. + * If we should need to wait() for some children in the future + * (as opposed to none right now), double-forking here instead + * of ignoring SIGCHLD may be the better solution. + */ signal(SIGCHLD, SIG_IGN); open_devnull_stdio(); |
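Review bot: the new `umask(077);` in service_start (init.c hunk) lands with no comment, so a reader of this function cannot tell that every service init forks now creates files as 0600 and directories as 0700 by default, nor that ueventd deliberately undoes this; add a one-line comment beside the call, mirroring the block added in ueventd.c, and record the new default where services are documented so that any daemon expecting world- or group-readable output files sets its mode explicitly (for example with fchmod after creation) rather than relying on the old inherited umask.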
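Review bot: `umask(000)` in ueventd_main (ueventd.c hunk) applies to the whole ueventd process, not only to device-node creation, so every other file or directory ueventd creates will also receive exactly the mode passed to the creating call; the new comment should say that this process-wide reset is intentional, or the reset should be scoped to the code that creates the device nodes and restored afterward so that the rest of ueventd keeps the restrictive default. Moving the "Prevent fire-and-forget children" comment block below the new code is fine, since its text is unchanged.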
