Gitiles
Code Review Sign In
review.blissroms.org / platform_system_core_old / 2ef2606f5630df1ace06232ad57518fbdffee665
commit2ef2606f5630df1ace06232ad57518fbdffee665[log] [tgz]
authorZim <zezeozue@google.com>Fri Jan 31 16:26:13 2020 +0000
committerZim <zezeozue@google.com>Fri Jan 31 16:26:13 2020 +0000
treea56dd484a2c5b3dfd385667355d2f84b8da4c942
parentd345b883bcf4dd2e675b0c7e8227e6514c25f481 [diff]
Harden /mnt/pass_through paths

Only the FUSE daemon (with media_rw gid) needs access to paths on
/mnt/pass_through. And even then, it only needs execute access on the
dirs, since there will always be a bind mount either from sdcardfs or
the lower filesystem on it and that bind mount correctly handles ACLs
for the FUSE daemon.

Test: manual
Bug: 135341433
Change-Id: I999451e095da355e6247e9e18fb6fe1ab8fc45d6
1 file changed
tree: a56dd484a2c5b3dfd385667355d2f84b8da4c942
  1. adb/
  2. base/
  3. bootstat/
  4. cli-test/
  5. code_coverage/
  6. cpio/
  7. debuggerd/
  8. deprecated-adf/
  9. diagnose_usb/
  10. fastboot/
  11. fs_mgr/
  12. gatekeeperd/
  13. healthd/
  14. include/
  15. init/
  16. janitors/
  17. libappfuse/
  18. libasyncio/
  19. libbacktrace/
  20. libbinderwrapper/
  21. libcrypto_utils/
  22. libcutils/
  23. libdiskconfig/
  24. libgrallocusage/
  25. libkeyutils/
  26. liblog/
  27. libmetricslogger/
  28. libmodprobe/
  29. libnetutils/
  30. libpackagelistparser/
  31. libpixelflinger/
  32. libprocessgroup/
  33. libprocinfo/
  34. libqtaguid/
  35. libsparse/
  36. libstats/
  37. libsuspend/
  38. libsync/
  39. libsystem/
  40. libsysutils/
  41. libunwindstack/
  42. libusbhost/
  43. libutils/
  44. libvndksupport/
  45. libziparchive/
  46. llkd/
  47. logcat/
  48. logd/
  49. logwrapper/
  50. property_service/
  51. qemu_pipe/
  52. reboot/
  53. rootdir/
  54. run-as/
  55. sdcard/
  56. set-verity-state/
  57. shell_and_utilities/
  58. storaged/
  59. toolbox/
  60. trusty/
  61. usbd/
  62. watchdogd/
  63. .clang-format.clang-format-4
  64. .clang-format-2 ⇨ ../../build/soong/scripts/system-clang-format-2
  65. .clang-format-4 ⇨ ../../build/soong/scripts/system-clang-format
  66. .gitignore
  67. Android.bp
  68. CleanSpec.mk
  69. MODULE_LICENSE_APACHE2
  70. NOTICE
  71. OWNERS
  72. PREUPLOAD.cfg
  73. TEST_MAPPING