diff options
| author | Nick Kralevich <nnk@google.com> | 2012-03-14 15:22:54 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2012-03-14 15:36:47 -0700 |
| commit | f3ef1271f225d9f00bb4ebb0573eb3e03829f9a8 (patch) | |
| tree | cc2883dc2e10b0b2c92a5d3ab2ae752fde91d95b /rootdir | |
| parent | 1a87808b302898f8361664e80096dab0de81dfc0 (diff) | |
| download | system_core-f3ef1271f225d9f00bb4ebb0573eb3e03829f9a8.tar.gz system_core-f3ef1271f225d9f00bb4ebb0573eb3e03829f9a8.tar.bz2 system_core-f3ef1271f225d9f00bb4ebb0573eb3e03829f9a8.zip | |
init.rc: Add documentation
Android developers should never place files in /data/local/tmp.
Files or directories in /data/local/tmp can be minipulated by the
shell user.
Android developers should never create world-writable files
or directories. This is a common source of security vulnerabilities.
Change-Id: I6d2cd620ab49d8ca3f39282f7d2ed682a9ba91c3
Diffstat (limited to 'rootdir')
| -rw-r--r-- | rootdir/init.rc | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc index 2e8f7d29..438ac830 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -1,3 +1,9 @@ +# Copyright (C) 2012 The Android Open Source Project +# +# IMPORTANT: Do not create world writable files or directories. +# This is a common source of Android security bugs. +# + import /init.${ro.hardware}.rc on early-init @@ -163,6 +169,9 @@ on post-fs-data mkdir /data/misc/wifi 0770 wifi wifi chmod 0660 /data/misc/wifi/wpa_supplicant.conf mkdir /data/local 0751 root root + + # For security reasons, /data/local/tmp should always be empty. + # Do not place files or directories in /data/local/tmp mkdir /data/local/tmp 0771 shell shell mkdir /data/data 0771 system system mkdir /data/app-private 0771 system system |