Gitiles
Code Review Sign In
review.blissroms.org / platform_system_core_old / eb29cf2b1d4ea7474b963e2f79b39b917bc692b4
commiteb29cf2b1d4ea7474b963e2f79b39b917bc692b4[log] [tgz]
authorLorenzo Colitti <lorenzo@google.com>Wed Mar 22 16:37:42 2017 +0900
committerLorenzo Colitti <lorenzo@google.com>Wed Mar 22 17:03:19 2017 +0900
tree15823bba1129e1a56d720d997634dc8e6ae6e961
parent9d4554483fb3477e0daffe0bed18937fe4dc4915 [diff]
Make the xtables lock readable only by AID_RADIO and root.

Anyone who can read this file can call flock(..., LOCK_EX) on it,
thereby blocking any future iptables commands from running.
Restrict it to user AID_RADIO, which includes device-specific
network management daemons, and group root.

Bug: 36108349
Test: see https://android-review.googlesource.com/#/c/348939/
Change-Id: I4dae4b5a835fabdc1a61a330e0446b39651f8156
1 file changed
tree: 15823bba1129e1a56d720d997634dc8e6ae6e961
  1. adb/
  2. adf/
  3. base/
  4. bootstat/
  5. cpio/
  6. debuggerd/
  7. demangle/
  8. fastboot/
  9. fingerprintd/
  10. fs_mgr/
  11. gatekeeperd/
  12. healthd/
  13. include/
  14. init/
  15. libappfuse/
  16. libbacktrace/
  17. libbinderwrapper/
  18. libcrypto_utils/
  19. libcutils/
  20. libdiskconfig/
  21. libion/
  22. liblog/
  23. libmemtrack/
  24. libmemunreachable/
  25. libmetricslogger/
  26. libnativebridge/
  27. libnativeloader/
  28. libnetutils/
  29. libpackagelistparser/
  30. libpixelflinger/
  31. libprocessgroup/
  32. libprocinfo/
  33. libsparse/
  34. libsuspend/
  35. libsync/
  36. libsysutils/
  37. libunwindstack/
  38. libusbhost/
  39. libutils/
  40. libziparchive/
  41. lmkd/
  42. logcat/
  43. logd/
  44. logwrapper/
  45. mkbootimg/
  46. qemu_pipe/
  47. reboot/
  48. rootdir/
  49. run-as/
  50. sdcard/
  51. toolbox/
  52. trusty/
  53. tzdatacheck/
  54. .clang-format.clang-format-4
  55. .clang-format-2
  56. .clang-format-4
  57. .gitignore
  58. Android.bp
  59. Android.mk
  60. CleanSpec.mk
  61. MODULE_LICENSE_APACHE2
  62. NOTICE
  63. PREUPLOAD.cfg