Harden /mnt/pass_through permission bits It previously had 0755 permission bits With such permissive bits, an unauthorized app can access a file using the /mnt/pass_through path for instance even if access via /storage would have been restricted. It is now 0700 TODO: Change ACL for /mnt/user from 0755 to 0700 in vold only when FUSE flag is on. Changing it with FUSE off breaks accessing /sdcard because /sdcard is eventually a symlink to /mnt/user/0/primary Test: adb shell ls -d /mnt/pass_through Bug: 135341433 Change-Id: I3ea9655c6b8c6b4f847b34a2d3b96784a8f4a160

commit: a2fa719aca3729704c9f2e2d61abbe948e4d47a2 [log] [tgz]
author: Zim <zezeozue@google.com> Mon Jan 20 14:16:14 2020 +0000
committer: Zim <zezeozue@google.com> Wed Jan 22 17:54:45 2020 +0000
tree: 8d49eb4d7a0e0478fcd9736e655a294af0d53108
parent: fee53da5e796a4d53722b12295339fe037f141c9 [diff]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 7a3339d..994065b 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -169,7 +169,7 @@
     mkdir /mnt/user/0/emulated/0 0755 root root
 
     # Prepare directories for pass through processes
-    mkdir /mnt/pass_through 0755 root root
+    mkdir /mnt/pass_through 0700 root root
     mkdir /mnt/pass_through/0 0755 root root
     mkdir /mnt/pass_through/0/self 0755 root root
     mkdir /mnt/pass_through/0/emulated 0755 root root
commit	a2fa719aca3729704c9f2e2d61abbe948e4d47a2	[log] [tgz]
author	Zim <zezeozue@google.com>	Mon Jan 20 14:16:14 2020 +0000
committer	Zim <zezeozue@google.com>	Wed Jan 22 17:54:45 2020 +0000
tree	8d49eb4d7a0e0478fcd9736e655a294af0d53108
parent	fee53da5e796a4d53722b12295339fe037f141c9 [diff]