Commit 6ebf12fe authored Mar 26, 2012 by Nick Kralevich

init: Change umask of forked processes to 077

Modify init to set the umask to 077 when forking processes.
This helps protect against inadvertant information disclosure
in init's child processes.

ueventd: Keep umask at 000. uevent needs to be able to
create device nodes with exactly the permissions it
indicates.

Testing:
1) Do an "ls -lR /data /dev" on the device before and after
the umask change and diff the output. Verified by hand
that the permission change wouldn't cause any problems.

2) Verify that package installation works, and the permissions
are as expected, when installing a program from market and
"adb install".

Bug: 3272072
Change-Id: Ie4f7f06c0ee9da8d9b6fce25d71d8991a9bce406

parent eb68fa81

init/init.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -240,6 +240,7 @@ void service_start(struct service svc, const char dynamic_args)
		char tmp[32];
		int fd, sz;

		umask(077);
		if (properties_inited()) {
		get_property_workspace(&fd, &sz);
		sprintf(tmp, "%d,%d", dup(fd), sz);

init/ueventd.c

+12 −5

Original line number	Diff line number	Diff line
		@@ -53,6 +53,13 @@ int ueventd_main(int argc, char **argv)
		int nr;
		char tmp[32];

		/*
		* init sets the umask to 077 for forked processes. We need to
		* create files with exact permissions, without modification by
		* the umask.
		*/
		umask(000);

		/* Prevent fire-and-forget children from becoming zombies.
		* If we should need to wait() for some children in the future
		* (as opposed to none right now), double-forking here instead