ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "init.rc: Perform some mounts with nodev,nosuid,noexec"

Browse source
This commit is contained in:
Treehugger Robot 2018-02-13 21:02:47 +00:00 committed by Gerrit Code Review
commit cd66e4c6ea
1 changed files with 8 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
rootdir/init.rc
View file

@ -28,12 +28,12 @@ on early-init
restorecon /postinstall restorecon /postinstall
# Mount cgroup mount point for cpu accounting # Mount cgroup mount point for cpu accounting
mount cgroup none /acct cpuacct mount cgroup none /acct nodev noexec nosuid cpuacct
mkdir /acct/uid mkdir /acct/uid
# root memory control cgroup, used by lmkd # root memory control cgroup, used by lmkd
mkdir /dev/memcg 0700 root system mkdir /dev/memcg 0700 root system
mount cgroup none /dev/memcg memory mount cgroup none /dev/memcg nodev noexec nosuid memory
# app mem cgroups, used by activity manager, lmkd and zygote # app mem cgroups, used by activity manager, lmkd and zygote
mkdir /dev/memcg/apps/ 0755 system system mkdir /dev/memcg/apps/ 0755 system system
# cgroup for system_server and surfaceflinger # cgroup for system_server and surfaceflinger
@ -59,7 +59,7 @@ on init
# Create energy-aware scheduler tuning nodes # Create energy-aware scheduler tuning nodes
mkdir /dev/stune mkdir /dev/stune
mount cgroup none /dev/stune schedtune mount cgroup none /dev/stune nodev noexec nosuid schedtune
mkdir /dev/stune/foreground mkdir /dev/stune/foreground
mkdir /dev/stune/background mkdir /dev/stune/background
mkdir /dev/stune/top-app mkdir /dev/stune/top-app
@ -155,7 +155,7 @@ on init
# Create cgroup mount points for process groups # Create cgroup mount points for process groups
mkdir /dev/cpuctl mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu mount cgroup none /dev/cpuctl nodev noexec nosuid cpu
chown system system /dev/cpuctl chown system system /dev/cpuctl
chown system system /dev/cpuctl/tasks chown system system /dev/cpuctl/tasks
chmod 0666 /dev/cpuctl/tasks chmod 0666 /dev/cpuctl/tasks
@ -164,7 +164,7 @@ on init
# sets up initial cpusets for ActivityManager # sets up initial cpusets for ActivityManager
mkdir /dev/cpuset mkdir /dev/cpuset
mount cpuset none /dev/cpuset mount cpuset none /dev/cpuset nodev noexec nosuid
# this ensures that the cpusets are present and usable, but the device's # this ensures that the cpusets are present and usable, but the device's
# init.rc must actually set the correct cpus # init.rc must actually set the correct cpus
@ -219,17 +219,17 @@ on init
chmod 0644 /dev/xt_qtaguid chmod 0644 /dev/xt_qtaguid
mkdir /dev/cg2_bpf mkdir /dev/cg2_bpf
mount cgroup2 cg2_bpf /dev/cg2_bpf mount cgroup2 cg2_bpf /dev/cg2_bpf nodev noexec nosuid
chown root root /dev/cg2_bpf chown root root /dev/cg2_bpf
chmod 0600 /dev/cg2_bpf chmod 0600 /dev/cg2_bpf
mount bpf bpf /sys/fs/bpf mount bpf bpf /sys/fs/bpf nodev noexec nosuid
# Create location for fs_mgr to store abbreviated output from filesystem # Create location for fs_mgr to store abbreviated output from filesystem
# checker programs. # checker programs.
mkdir /dev/fscklogs 0770 root system mkdir /dev/fscklogs 0770 root system
# pstore/ramoops previous console log # pstore/ramoops previous console log
mount pstore pstore /sys/fs/pstore mount pstore pstore /sys/fs/pstore nodev noexec nosuid
chown system log /sys/fs/pstore/console-ramoops chown system log /sys/fs/pstore/console-ramoops
chmod 0440 /sys/fs/pstore/console-ramoops chmod 0440 /sys/fs/pstore/console-ramoops
chown system log /sys/fs/pstore/console-ramoops-0 chown system log /sys/fs/pstore/console-ramoops-0