diff options
author | Yi-Yo Chiang <yochiang@google.com> | 2021-03-22 13:45:39 +0800 |
---|---|---|
committer | Yi-Yo Chiang <yochiang@google.com> | 2021-03-22 13:51:48 +0800 |
commit | f72d88aedf164ef39e4af38a48d28dcfd5e51632 (patch) | |
tree | 4481d6e1dbf9c0ba29f83a1829a3d20d4aac1df4 /daemon.cpp | |
parent | 56c2eaad923aa5dd9be2dec033ecfd445e3d51af (diff) | |
download | gsid-f72d88aedf164ef39e4af38a48d28dcfd5e51632.tar.gz |
Make DSU metadata files globally readable
libfstab (fs_mgr_fstab.cpp) could be statically linked into
unpriviledged processes, and calling
fs_mgr_fstab.cpp:ReadFstabFromFile() from an unpriviledged process while
inside of a DSU system would return an incorrect Fstab, because
ReadFstabFromFile() needs to read the DSU metadata files to return the
correct result.
To remedy this, we make DSU metadata files that are required by libfstab
to be globally readable (0644).
We also split the sepolicy label gsi_metadata_filea into two part,
gsi_metadata_file and gsi_public_metadata_file, and make
gsi_public_metadata_file:file readable by other domain (not banned by
neverallow).
Bug: 181110285
Test: Write a small utility program to validate the result of
ReadFstabFromFile() in DSU.
Change-Id: Ia7c8c584b23752195198cc43698c71a31cabc00e
Diffstat (limited to 'daemon.cpp')
-rw-r--r-- | daemon.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -49,6 +49,9 @@ static int DumpDeviceMapper() { int main(int argc, char** argv) { android::base::InitLogging(argv, android::base::LogdLogger(android::base::SYSTEM)); + // Create globally readable files. + umask(0022); + if (argc > 1) { if (argv[1] == "run-startup-tasks"s) { android::gsi::GsiService::RunStartupTasks(); |