Restrict zygote to system user.
CVE-2011-3918: Address denial of service attack against Android's
zygote process. This change enforces that only UID=system can
directly connect to zygote to spawn processes.
Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067
diff --git a/rootdir/init.rc b/rootdir/init.rc
index b9f111e..7299513 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -417,7 +417,7 @@
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
class main
- socket zygote stream 666
+ socket zygote stream 660 root system
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
onrestart restart media