commit 5e801e7bd52d890583f44dffc41116c2dbc2a770
author Lorenzo Colitti <lorenzo@google.com> Wed Mar 22 16:37:42 2017 +0900
committer Lorenzo Colitti <lorenzo@google.com> Wed Mar 22 17:03:19 2017 +0900
tree 15823bba1129e1a56d720d997634dc8e6ae6e961
parent 2a54ae97ebcb69fe0ca5807f860739f499079ca1

Make the xtables lock readable only by AID_RADIO and root.

Anyone who can read this file can call flock(..., LOCK_EX) on it,
thereby blocking any future iptables commands from running.
Restrict it to user AID_RADIO, which includes device-specific
network management daemons, and group root.

Bug: 36108349
Test: see https://android-review.googlesource.com/#/c/348939/
Change-Id: I4dae4b5a835fabdc1a61a330e0446b39651f8156