init: Change umask of forked processes to 077
Modify init to set the umask to 077 when forking processes.
This helps protect against inadvertant information disclosure
in init's child processes.
ueventd: Keep umask at 000. uevent needs to be able to
create device nodes with exactly the permissions it
indicates.
Testing:
1) Do an "ls -lR /data /dev" on the device before and after
the umask change and diff the output. Verified by hand
that the permission change wouldn't cause any problems.
2) Verify that package installation works, and the permissions
are as expected, when installing a program from market and
"adb install".
Bug: 3272072
Change-Id: Ie4f7f06c0ee9da8d9b6fce25d71d8991a9bce406
diff --git a/init/init.c b/init/init.c
index 5458e34..483544a 100755
--- a/init/init.c
+++ b/init/init.c
@@ -240,6 +240,7 @@
char tmp[32];
int fd, sz;
+ umask(077);
if (properties_inited()) {
get_property_workspace(&fd, &sz);
sprintf(tmp, "%d,%d", dup(fd), sz);
diff --git a/init/ueventd.c b/init/ueventd.c
index ecf3b9b..a89e067 100644
--- a/init/ueventd.c
+++ b/init/ueventd.c
@@ -53,11 +53,18 @@
int nr;
char tmp[32];
- /* Prevent fire-and-forget children from becoming zombies.
- * If we should need to wait() for some children in the future
- * (as opposed to none right now), double-forking here instead
- * of ignoring SIGCHLD may be the better solution.
- */
+ /*
+ * init sets the umask to 077 for forked processes. We need to
+ * create files with exact permissions, without modification by
+ * the umask.
+ */
+ umask(000);
+
+ /* Prevent fire-and-forget children from becoming zombies.
+ * If we should need to wait() for some children in the future
+ * (as opposed to none right now), double-forking here instead
+ * of ignoring SIGCHLD may be the better solution.
+ */
signal(SIGCHLD, SIG_IGN);
open_devnull_stdio();