Gitiles
Code Review Sign In
review.blissroms.org / platform_system_core_old / 38324ab7644f24b19739809ef29893862643ac72^! / .
commit38324ab7644f24b19739809ef29893862643ac72[log] [tgz]
authorNick Kralevich <nnk@google.com>Thu Dec 13 10:56:33 2018 -0800
committerNick Kralevich <nnk@google.com>Thu Dec 13 10:56:33 2018 -0800
tree10b5f92e3267aa4d8b593e54eed27a7afd6746eb
parentc984779e3eb0322bff1ca41adc2ed5ef022384d7 [diff]
relax /system/bin directory permissions

In commit f4fc922f0b863659ca8e97c1f5fa522fafc7deb6, we tightened the
permissions on various bin directories. Please see
https://android-review.googlesource.com/c/platform/system/core/+/822955
for details.

This change causes the Chase banking app to crash. This is because
the Chase app is using inotify_add_watch() on the /system/bin directory
and not checking the return value.

The Android Security model guarantees the immutability of files in
/system/bin, so the inotify watch is unnecessary.

Until the Chase app fixes their bug, we need to relax the permissions on
the /system/bin directory. Conceptually, this is a partial revert of
f4fc922f0b863659ca8e97c1f5fa522fafc7deb6.

Bug: 119605322
Test: compiles
Change-Id: Ic72dd24cb27cff677093963bdfd0ae09bf132e08

diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp
index db59569..1490fbc 100644
--- a/libcutils/fs_config.cpp
+++ b/libcutils/fs_config.cpp

@@ -84,7 +84,7 @@
     { 00750, AID_ROOT,         AID_SHELL,        0, "sbin" },
     { 00777, AID_ROOT,         AID_ROOT,         0, "sdcard" },
     { 00751, AID_ROOT,         AID_SDCARD_R,     0, "storage" },
-    { 00751, AID_ROOT,         AID_SHELL,        0, "system/bin" },
+    { 00755, AID_ROOT,         AID_SHELL,        0, "system/bin" },
     { 00755, AID_ROOT,         AID_ROOT,         0, "system/etc/ppp" },
     { 00755, AID_ROOT,         AID_SHELL,        0, "system/vendor" },
     { 00751, AID_ROOT,         AID_SHELL,        0, "system/xbin" },