From 09cdc0ea12598651d1c074974c9b593fd1c0e4ba Mon Sep 17 00:00:00 2001
From: James Dong
Date: Fri, 6 Jan 2012 15:19:26 -0800
Subject: [PATCH] Close a security hole - do not give world readable/writable access to /data/drm

o related-to-bug: 5834297

Change-Id: I8e459610b4f69999be37364c2359b2bac82d4a2a
---
 rootdir/init.rc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 145f642fd..cad4cd868 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -175,8 +175,9 @@ on post-fs-data
 # create the lost+found directories, so as to enforce our permissions
 mkdir /data/lost+found 0770 root root
 
- # create directory for DRM plug-ins
- mkdir /data/drm 0774 drm drm
+ # create directory for DRM plug-ins - give drm the read/write access to
+ # the following directory.
+ mkdir /data/drm 0770 drm drm
 
 # If there is no fs-post-data action in the init..rc file, you
 # must uncomment this line, otherwise encrypted filesystems
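Review bot: The new `mkdir /data/drm 0770 drm drm` line tightens the mode only where init actually creates the directory. On a device upgraded from a build that already created /data/drm as 0774, the old mode may persist if this init version's mkdir leaves an existing directory untouched; that is not visible from this hunk and is worth confirming. Adding `chmod 0770 /data/drm` right after the mkdir would make the fix apply on upgrade as well. The new comment would also be clearer if it stated the restriction rather than the grant, e.g. `# create directory for DRM plug-ins - accessible only to the drm user and group, no access for others`.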