From 3380927e718fe136aa068f938db89c35b833e4b4 Mon Sep 17 00:00:00 2001
From: Alex Klyubin
Date: Mon, 27 Feb 2017 12:41:50 -0800
Subject: [PATCH] Make secilc accessible by root only
There's no reason for SELinux policy compiler to be accessible by anybode other than root.
Test: Device boots -- secilc isn't used yet anyway
Bug: 31363362
Change-Id: I26cf34f1412b8dd471f79271c491b473617a6df6
---
 libcutils/fs_config.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/libcutils/fs_config.c b/libcutils/fs_config.c
index 7e27c3e67..75e2492cb 100644
--- a/libcutils/fs_config.c
+++ b/libcutils/fs_config.c
@@ -180,6 +180,7 @@ static const struct fs_path_config android_files[] = {
 { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump32" },
 { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump64" },
 { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/debuggerd" },
+ { 00700, AID_ROOT, AID_ROOT, 0, "system/bin/secilc" },
 { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/uncrypt" },
 { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/install-recovery.sh" },
 { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/*" },
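Review bot: The added `system/bin/secilc` entry has no comment explaining why it is 00700 while the neighbouring root-only entries (`uncrypt`, `install-recovery.sh`) use 00750 with the same AID_ROOT owner and group, so a later cleanup could "normalise" it without knowing the intent. The restriction also appears to depend on the entry sitting above the `system/bin/*` catch-all (00755, group AID_SHELL), assuming the table is matched first-hit as the existing ordering suggests. If the entry were moved below that line, the policy compiler would silently become world-executable. I would add a line above it such as `/* SELinux policy compiler: root-only, must stay above the system/bin/* wildcard */`. The `android_files[]` initializer starts and ends outside this hunk, so the matching order should be confirmed against the lookup code.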