Merge "init.rc: Lock down access to /proc/net/fib_trie" into oc-mr1-dev am: c3090ba2f4 Change-Id: I9ffa9c76b807c8439f05388f4b8aae3d131bac5a

commit: b40a1d5c1dbe449ac2d9d60ba9872477cbf69a97 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Mon Aug 28 14:42:49 2017 +0000
committer: android-build-merger <android-build-merger@google.com> Mon Aug 28 14:42:49 2017 +0000
tree: 15c84d9f34110fa9553a855e5fe0a8f7cf152ea3
parent: c6836397f5e8af98361236fce56f76f28402062d [diff]
parent: 6114076f7d6096dd936069324e9bec1e806a19e8 [diff]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 7c3697b..544d9ee 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -148,6 +148,9 @@
     write /proc/sys/net/ipv4/conf/all/accept_redirects 0
     write /proc/sys/net/ipv6/conf/all/accept_redirects 0
 
+    # /proc/net/fib_trie leaks interface IP addresses
+    chmod 0400 /proc/net/fib_trie
+
     # Create cgroup mount points for process groups
     mkdir /dev/cpuctl
     mount cgroup none /dev/cpuctl cpu
commit	b40a1d5c1dbe449ac2d9d60ba9872477cbf69a97	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Mon Aug 28 14:42:49 2017 +0000
committer	android-build-merger <android-build-merger@google.com>	Mon Aug 28 14:42:49 2017 +0000
tree	15c84d9f34110fa9553a855e5fe0a8f7cf152ea3
parent	c6836397f5e8af98361236fce56f76f28402062d [diff]
parent	6114076f7d6096dd936069324e9bec1e806a19e8 [diff]