
Commit 6934c8ff authored by Dixon Peterson's avatar Dixon Peterson Committed by Steve Kondik

diag: Remove world read/write permissions from /dev/diag

/dev/diag has world read/write permissions which is considered
a security risk.  Remove these permissions.  Add new qcom_diag
group for access to /dev/diag

CRs-Fixed: 356415
(cherry picked from commit 14c85ec56fd47c5eb143617a3bd5a6e7ee39cb6e)

Change-Id: I536323a97e19a07bbd8eadffa0265d1955590285
parent a6a6bcfe
+2 −0
@@ -77,6 +77,7 @@
#define AID_NET_BW_STATS  3006  /* read bandwidth statistics */
#define AID_NET_BW_ACCT   3007  /* change bandwidth statistics accounting */
#define AID_QCOM_ONCRPC   3008  /* can read/write /dev/oncrpc files */
#define AID_QCOM_DIAG     3009  /* can read/write /dev/diag */

#if defined(MOTOROLA_UIDS)
#define AID_MOT_OSH       5000  /* OSH */
@@ -150,6 +151,7 @@ static const struct android_id_info android_ids[] = {
    { "net_bw_stats", AID_NET_BW_STATS, },
    { "net_bw_acct", AID_NET_BW_ACCT, },
    { "qcom_oncrpc", AID_QCOM_ONCRPC, },
    { "qcom_diag", AID_QCOM_DIAG, },
#if defined(MOTOROLA_UIDS)
    { "mot_osh",   AID_MOT_OSH, },
    { "mot_accy",  AID_MOT_ACCY, },
+1 −1
@@ -420,7 +420,7 @@ service ril-daemon /system/bin/rild
    socket rild stream 660 root radio
    socket rild-debug stream 660 radio system
    user root
    group radio cache inet misc audio sdcard_r sdcard_rw qcom_oncrpc diag log
    group radio cache inet misc audio sdcard_r sdcard_rw qcom_oncrpc qcom_diag log

service surfaceflinger /system/bin/surfaceflinger
    class main
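Review bot: On the `group` line of `ril-daemon`, `qcom_diag` appears to replace `diag` rather than being added next to it (assuming the second of the two printed `group` lines is the new side), so rild loses membership of `diag` in the same step. Nothing visible in this commit shows that `diag` gated only /dev/diag; if any other node is still owned by that group, rild silently loses access to it. Either keep both during the transition, `group radio cache inet misc audio sdcard_r sdcard_rw qcom_oncrpc diag qcom_diag log`, or add a comment above the line such as `# diag dropped: /dev/diag is now gated by qcom_diag only`. The service starts as `user root`, so this list presumably only matters once rild drops to an unprivileged uid, and it is worth confirming that the supplementary groups survive that switch.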
+3 −1
@@ -15,11 +15,13 @@
# the msm hw3d client device node is world writable/readable.
/dev/msm_hw3dc            0666   root       root

# the DIAG device node is not world writable/readable.
/dev/diag                 0660   system     qcom_diag

# gpu driver for adreno200 is globally accessible
/dev/kgsl                 0666   root       root

# these should not be world writable
/dev/diag                 0660   radio      radio
/dev/diag_arm9            0660   radio      radio
/dev/android_adb          0660   adb        adb
/dev/android_adb_enable   0660   adb        adb
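Review bot: The new `/dev/diag 0660 system qcom_diag` rule is added as its own stanza between the two 0666 entries, while the restricted list below still shows `/dev/diag 0660 radio radio`. If that older line is the one this section deletes, the result is correct, but the rule would read better edited in place under `# these should not be world writable`. If it is not deleted, two rules with different owners match the same node and the effective ownership depends on ueventd's match order. The owner also moves from `radio` to `system`, so any process running as uid radio without the `qcom_diag` group loses access; the commit only updates rild. `/dev/diag_arm9` stays `radio radio`; if it exposes the same diagnostic channel it probably wants the matching rule, `/dev/diag_arm9 0660 system qcom_diag`, or a comment saying why it differs.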