Close a security hole - do not give world readable/writable access to /data/drm
o related-to-bug: 5834297
Change-Id: I8e459610b4f69999be37364c2359b2bac82d4a2a
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 145f642..cad4cd8 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -175,8 +175,9 @@
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770 root root
- # create directory for DRM plug-ins
- mkdir /data/drm 0774 drm drm
+ # create directory for DRM plug-ins - give drm the read/write access to
+ # the following directory.
+ mkdir /data/drm 0770 drm drm
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems