init.rc: Add documentation Android developers should never place files in /data/local/tmp. Files or directories in /data/local/tmp can be minipulated by the shell user. Android developers should never create world-writable files or directories. This is a common source of security vulnerabilities. Change-Id: I6d2cd620ab49d8ca3f39282f7d2ed682a9ba91c3

commit: f3ef1271f225d9f00bb4ebb0573eb3e03829f9a8 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Mar 14 15:22:54 2012 -0700
committer: Nick Kralevich <nnk@google.com> Wed Mar 14 15:36:47 2012 -0700
tree: cc2883dc2e10b0b2c92a5d3ab2ae752fde91d95b
parent: 1a87808b302898f8361664e80096dab0de81dfc0 [diff] [blame]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 2e8f7d2..438ac83 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -1,3 +1,9 @@
+# Copyright (C) 2012 The Android Open Source Project
+#
+# IMPORTANT: Do not create world writable files or directories.
+# This is a common source of Android security bugs.
+#
+
 import /init.${ro.hardware}.rc
 
 on early-init
@@ -163,6 +169,9 @@
     mkdir /data/misc/wifi 0770 wifi wifi
     chmod 0660 /data/misc/wifi/wpa_supplicant.conf
     mkdir /data/local 0751 root root
+
+    # For security reasons, /data/local/tmp should always be empty.
+    # Do not place files or directories in /data/local/tmp
     mkdir /data/local/tmp 0771 shell shell
     mkdir /data/data 0771 system system
     mkdir /data/app-private 0771 system system
commit	f3ef1271f225d9f00bb4ebb0573eb3e03829f9a8	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Mar 14 15:22:54 2012 -0700
committer	Nick Kralevich <nnk@google.com>	Wed Mar 14 15:36:47 2012 -0700
tree	cc2883dc2e10b0b2c92a5d3ab2ae752fde91d95b
parent	1a87808b302898f8361664e80096dab0de81dfc0 [diff] [blame]