Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 15ffc53f authored by Nick Kralevich's avatar Nick Kralevich
Browse files

init.rc: Lock down access to /proc/net/fib_trie

Make /proc/net/fib_trie only readable to root.

Bug: 31269937
Test: Device boots, file has appropriate permissions.
Change-Id: I0d01ce5c043d576344a6732b0b9ff93d62fcaa34
parent 3094de96
Loading
Loading
Loading
Loading
+3 −0
Original line number Diff line number Diff line
@@ -148,6 +148,9 @@ on init
    write /proc/sys/net/ipv4/conf/all/accept_redirects 0
    write /proc/sys/net/ipv6/conf/all/accept_redirects 0

    # /proc/net/fib_trie leaks interface IP addresses
    chmod 0400 /proc/net/fib_trie

    # Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu