Commit 00690852 authored Nov 24, 2014 by Daisuke Okitsu Committed by Johan Redestig Nov 24, 2014

sdcard: mount sdcard with the noexec option

Vold mounts the sdcard with noexec, but the fuse deamon
mounts with exec, so it is still possible to execute
binaries:

  /dev/fuse /storage/sdcard1 fuse rw,nosuid,nodev,relatime,
  user_id=1023,group_id=1023,default_permissions,allow_other 0 0

  /dev/block/vold/179:65 /mnt/media_rw/sdcard1 vfat rw,dirsync,
  nosuid,nodev,noexec,relatime,uid=1023,gid=1023,fmask=0007,
  dmask=0007,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,
  shortname=mixed,utf8,errors=remount-ro 0 0

With this change both vold and fuse mounts with noexec.

Change-Id: I66cbfc3a3a89a26958f83577f5e7a5e27f99184e

parent 7f187c5f

sdcard/sdcard.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1834,7 +1834,7 @@ static int run(const char* source_path, const char* dest_path, uid_t uid,
		"fd=%i,rootmode=40000,default_permissions,allow_other,user_id=%d,group_id=%d",
		fd, uid, gid);

		res = mount("/dev/fuse", dest_path, "fuse", MS_NOSUID \| MS_NODEV, opts);
		res = mount("/dev/fuse", dest_path, "fuse", MS_NOSUID \| MS_NODEV \| MS_NOEXEC, opts);
		if (res < 0) {
		ERROR("cannot mount fuse filesystem: %s\n", strerror(errno));
		goto error;