Restrict zygote to system user.

CVE-2011-3918: Address denial of service attack against Android's zygote process. This change enforces that only UID=system can directly connect to zygote to spawn processes. Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067
2012-01-27 13:06:53 -08:00 · 2012-01-27 13:06:53 -08:00 · e7fd911fd4
commit e7fd911fd4
parent 46f86f11d4
1 changed files with 1 additions and 1 deletions
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@ -417,7 +417,7 @@ service surfaceflinger /system/bin/surfaceflinger

 service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
    class main
-    socket zygote stream 666
+    socket zygote stream 660 root system
    onrestart write /sys/android_power/request_state wake
    onrestart write /sys/power/state on
    onrestart restart media