From f3ef1271f225d9f00bb4ebb0573eb3e03829f9a8 Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Wed, 14 Mar 2012 15:22:54 -0700
Subject: init.rc: Add documentation

Android developers should never place files in /data/local/tmp. Files or directories in /data/local/tmp can be minipulated by the shell user.

Android developers should never create world-writable files or directories. This is a common source of security vulnerabilities.

Change-Id: I6d2cd620ab49d8ca3f39282f7d2ed682a9ba91c3
---
 rootdir/init.rc | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'rootdir')

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 2e8f7d29..438ac830 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -1,3 +1,9 @@
+# Copyright (C) 2012 The Android Open Source Project
+#
+# IMPORTANT: Do not create world writable files or directories.
+# This is a common source of Android security bugs.
+#
+
 import /init.${ro.hardware}.rc

 on early-init
@@ -163,6 +169,9 @@ on post-fs-data
 mkdir /data/misc/wifi 0770 wifi wifi
 chmod 0660 /data/misc/wifi/wpa_supplicant.conf
 mkdir /data/local 0751 root root
+
+ # For security reasons, /data/local/tmp should always be empty.
+ # Do not place files or directories in /data/local/tmp
 mkdir /data/local/tmp 0771 shell shell
 mkdir /data/data 0771 system system
 mkdir /data/app-private 0771 system system
-- 
cgit v1.2.3
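Review bot: The comment added above `mkdir /data/local/tmp 0771 shell shell` in the `on post-fs-data` hunk says the directory must stay empty "for security reasons" but never states the reason, which the commit message does give: the directory is owned by the shell user, so anything placed there can be altered by that user. Readers of init.rc never see the commit message, so the rationale should travel with the file, e.g. `# /data/local/tmp is owned by the shell user (0771 shell shell), so anything placed here can be modified by that user; keep it empty.`. The header hunk has the same gap: "a common source of Android security bugs" could say what the bug is, that a world-writable path lets any process on the device alter its contents rather than only the intended owner. Both hunks sit inside sections of init.rc (the file header and `on post-fs-data`) that continue outside the visible lines.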