init.rc: Lock down access to /proc/net/fib_trie

Make /proc/net/fib_trie only readable to root.

Bug: 31269937
Test: Device boots, file has appropriate permissions.
Change-Id: I0d01ce5c043d576344a6732b0b9ff93d62fcaa34

parent 3094de96

rootdir/init.rc

+3 −0

Original line number	Diff line number	Diff line
		@@ -148,6 +148,9 @@ on init
		write /proc/sys/net/ipv4/conf/all/accept_redirects 0
		write /proc/sys/net/ipv6/conf/all/accept_redirects 0

		# /proc/net/fib_trie leaks interface IP addresses
		chmod 0400 /proc/net/fib_trie

		# Create cgroup mount points for process groups
		mkdir /dev/cpuctl
		mount cgroup none /dev/cpuctl cpu