Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a67b40bc authored by Zim's avatar Zim
Browse files

Harden /mnt/pass_through paths 

Only the FUSE daemon (with media_rw gid) needs access to paths on
/mnt/pass_through. And even then, it only needs execute access on the
dirs, since there will always be a bind mount either from sdcardfs or
the lower filesystem on it and that bind mount correctly handles ACLs
for the FUSE daemon.

Test: manual
Bug: 135341433
Change-Id: I999451e095da355e6247e9e18fb6fe1ab8fc45d6
parent 274bd807

rootdir/init.rc

+4 −4
Original line number Diff line number Diff line
@@ -174,10 +174,10 @@ on init 


    # Prepare directories for pass through processes

    mkdir /mnt/pass_through 0700 root root

    mkdir /mnt/pass_through/0 0755 root root

    mkdir /mnt/pass_through/0/self 0755 root root

    mkdir /mnt/pass_through/0/emulated 0755 root root

    mkdir /mnt/pass_through/0/emulated/0 0755 root root

    mkdir /mnt/pass_through/0 0710 root media_rw

    mkdir /mnt/pass_through/0/self 0710 root media_rw

    mkdir /mnt/pass_through/0/emulated 0710 root media_rw

    mkdir /mnt/pass_through/0/emulated/0 0710 root media_rw



    mkdir /mnt/expand 0771 system system

    mkdir /mnt/appfuse 0711 root root