From 6ca090e6b0e96d392cc46b305d526e1decba0547 Mon Sep 17 00:00:00 2001
From: Zim <zezeozue@google.com>
Date: Mon, 20 Jan 2020 14:16:14 +0000
Subject: [PATCH] Harden /mnt/pass_through permission bits

It previously had 0755 permission bits

With such permissive bits, an unauthorized app can access a file using
the /mnt/pass_through path for instance even if access via /storage
would have been restricted.

It is now 0700

TODO: Change ACL for /mnt/user from 0755 to 0700 in vold only when
FUSE flag is on. Changing it with FUSE off breaks accessing /sdcard
because /sdcard is eventually a symlink to /mnt/user/0/primary

Test: adb shell ls -d /mnt/pass_through
Bug: 135341433
Change-Id: I3ea9655c6b8c6b4f847b34a2d3b96784a8f4a160
---
 rootdir/init.rc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 7a3339d8f..994065bd5 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -169,7 +169,7 @@ on init
     mkdir /mnt/user/0/emulated/0 0755 root root
 
     # Prepare directories for pass through processes
-    mkdir /mnt/pass_through 0755 root root
+    mkdir /mnt/pass_through 0700 root root
     mkdir /mnt/pass_through/0 0755 root root
     mkdir /mnt/pass_through/0/self 0755 root root
     mkdir /mnt/pass_through/0/emulated 0755 root root