Restrict zygote to system user.

CVE-2011-3918: Address denial of service attack against Android's
zygote process. This change enforces that only UID=system can
directly connect to zygote to spawn processes.

Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067

parent a02ff986

rootdir/init.rc

+1 −1

Original line number	Diff line number	Diff line
		@@ -414,7 +414,7 @@ service surfaceflinger /system/bin/surfaceflinger

		service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
		class main
		socket zygote stream 666
		socket zygote stream 660 root system
		onrestart write /sys/android_power/request_state wake
		onrestart write /sys/power/state on
		onrestart restart media