diff options
author | Daisuke Okitsu <daisuke.x.okitsu@sonyericsson.com> | 2014-11-24 09:37:55 +0100 |
---|---|---|
committer | Jeff Sharkey <jsharkey@android.com> | 2014-11-24 08:39:15 -0800 |
commit | a5a4e9e0cad383f0c14dbe92a60b7d8150ae6b1f (patch) | |
tree | 3ea9d44eee0606b239c044287f24b0580c1e0217 | |
parent | 83d85563c51fa39cb61b836302a8c26fe0e2ace6 (diff) | |
download | core-a5a4e9e0cad383f0c14dbe92a60b7d8150ae6b1f.tar.gz |
sdcard: mount sdcard with the noexec option
Vold mounts the sdcard with noexec, but the fuse deamon
mounts with exec, so it is still possible to execute
binaries:
/dev/fuse /storage/sdcard1 fuse rw,nosuid,nodev,relatime,
user_id=1023,group_id=1023,default_permissions,allow_other 0 0
/dev/block/vold/179:65 /mnt/media_rw/sdcard1 vfat rw,dirsync,
nosuid,nodev,noexec,relatime,uid=1023,gid=1023,fmask=0007,
dmask=0007,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,
shortname=mixed,utf8,errors=remount-ro 0 0
With this change both vold and fuse mounts with noexec.
(cherry picked from commit f777d6694eecf6e61d9859df2090199863050017)
Change-Id: I66cbfc3a3a89a26958f83577f5e7a5e27f99184e
-rw-r--r-- | sdcard/sdcard.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sdcard/sdcard.c b/sdcard/sdcard.c index 7bf63943f..247ddd0ff 100644 --- a/sdcard/sdcard.c +++ b/sdcard/sdcard.c @@ -1807,7 +1807,7 @@ static int run(const char* source_path, const char* dest_path, uid_t uid, "fd=%i,rootmode=40000,default_permissions,allow_other,user_id=%d,group_id=%d", fd, uid, gid); - res = mount("/dev/fuse", dest_path, "fuse", MS_NOSUID | MS_NODEV, opts); + res = mount("/dev/fuse", dest_path, "fuse", MS_NOSUID | MS_NODEV | MS_NOEXEC, opts); if (res < 0) { ERROR("cannot mount fuse filesystem: %s\n", strerror(errno)); goto error; |