From 081aa0a303ab09f10741d2ac2b1a409710792c72 Mon Sep 17 00:00:00 2001
From: Luis Hector Chavez
Date: Wed, 14 Feb 2018 08:39:03 -0800
Subject: [PATCH] init.rc: Mount /mnt with nodev,nosuid,noexec

This change adds some additional flags to /mnt. This is to reduce the number of mounts with unnecessary flags.
Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {StorageHostTest,ExternalStorageHostTest}
Test: CtsOsTestCases StorageManagerTest
Test: find /mnt | egrep -v '^/mnt/runtime/(default|read|write)/emulated' | \
 xargs ls -lZd # Shows no character devices or executable files
Change-Id: I54739133119d9626ebeb2ef9a1c127f7a90fa098
---
 rootdir/init.rc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rootdir/init.rc b/rootdir/init.rc
index da3f82454..dcba63d19 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -82,7 +82,7 @@ on init
 # Mount staging areas for devices managed by vold
 # See storage config details at http://source.android.com/tech/storage/
- mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000
+ mount tmpfs tmpfs /mnt nodev noexec nosuid mode=0755,uid=0,gid=1000
 restorecon_recursive /mnt
 mount configfs none /config
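Review bot: The `nodev noexec nosuid` flags added to the `/mnt` tmpfs line restrict only files that live on that tmpfs itself; any filesystem later mounted at a path under `/mnt` carries its own flags. The commit's own verification command filters out `/mnt/runtime/(default|read|write)/emulated`, so those paths were not covered by the check. The two comment lines above the mount do not mention this, and a reader could take the line as hardening everything below `/mnt`. I would add a comment such as `# nodev/noexec/nosuid apply to this tmpfs only; mounts created under /mnt set their own flags`. The `on init` block starts and ends outside the hunk, so whether the later mounts under `/mnt` already pass these flags cannot be confirmed from here.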