From dff584659c7aa04e9eea109b560beef69cc2cccd Mon Sep 17 00:00:00 2001
From: Todd Poynor <toddpoynor@google.com>
Date: Thu, 13 Apr 2017 15:17:24 -0700
Subject: [PATCH 1/2] reboot: fix owner and permissions of last_reboot_reason
 file

Default signature WriteStringToFile creates world-writeable files.
Set owner and group system and remove read/write for non-owner.

Bug: 37251463
Test: Manual: reboot, inspect
Change-Id: I6a29c678168dcae611b120dc52170f4eee7069a9
---
 init/reboot.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/init/reboot.cpp b/init/reboot.cpp
index 8e46d579e..e887677da 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -43,6 +43,7 @@
 #include <cutils/android_reboot.h>
 #include <fs_mgr.h>
 #include <logwrap/logwrap.h>
+#include <private/android_filesystem_config.h>
 
 #include "log.h"
 #include "property_service.h"
@@ -305,7 +306,8 @@ void DoReboot(unsigned int cmd, const std::string& reason, const std::string& re
     Timer t;
     LOG(INFO) << "Reboot start, reason: " << reason << ", rebootTarget: " << rebootTarget;
 
-    android::base::WriteStringToFile(StringPrintf("%s\n", reason.c_str()), LAST_REBOOT_REASON_FILE);
+    android::base::WriteStringToFile(StringPrintf("%s\n", reason.c_str()), LAST_REBOOT_REASON_FILE,
+                                     S_IRUSR | S_IWUSR, AID_SYSTEM, AID_SYSTEM);
 
     if (cmd == ANDROID_RB_THERMOFF) {  // do not wait if it is thermal
         DoThermalOff();

From e1e6edcf336f88c643a7a3d703bd53eed9233b72 Mon Sep 17 00:00:00 2001
From: Todd Poynor <toddpoynor@google.com>
Date: Thu, 13 Apr 2017 15:29:56 -0700
Subject: [PATCH 2/2] init.rc: create /data/misc/reboot owned by system

Directory will be read and modified by system uid.

Bug: 37251463
Test: Manual: reboot and inspect
Change-Id: I76212f65af991ff9ad0969b9c0b8460b80fb9cd2
---
 rootdir/init.rc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 0b3e3ee66..a440b7ac0 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -407,7 +407,7 @@ on post-fs-data
     mkdir /data/misc/boottrace 0771 system shell
     mkdir /data/misc/update_engine 0700 root root
     mkdir /data/misc/trace 0700 root root
-    mkdir /data/misc/reboot 0700 root root
+    mkdir /data/misc/reboot 0700 system system
     # profile file layout
     mkdir /data/misc/profiles 0771 system system
     mkdir /data/misc/profiles/cur 0771 system system