From 877494503698b38d21b455dc2376bf9ec5526064 Mon Sep 17 00:00:00 2001
From: Luis Hector Chavez <lhchavez@google.com>
Date: Wed, 14 Feb 2018 08:35:01 -0800
Subject: [PATCH] init.rc: Add nodev,noexec,nosuid to /config

This change adds some additional flags to the /config mount. This is to
reduce the number of mounts with unnecessary privileges.

Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {ExternalStorageHostTest,StorageHostTest}
Merged-In: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
Change-Id: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
---
 rootdir/init.rc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index f008c1748..0bed51b44 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -85,7 +85,7 @@ on init
     mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000
     restorecon_recursive /mnt
 
-    mount configfs none /config
+    mount configfs none /config nodev noexec nosuid
     chmod 0775 /config/sdcardfs
     chown system package_info /config/sdcardfs