From e2cf79dd6d85c1ca42e5247e1cebca54d58c0d4b Mon Sep 17 00:00:00 2001
From: "pr.jung"
Date: Thu, 28 Jan 2016 14:18:12 +0900
Subject: [PATCH] block: Fix security issues

- Set mount flag MS_NOSUID | MS_NOEXEC.
- Run mmc-smack-label command on file and directory (not include symlink)

Change-Id: I65efcaa5d3e27e1da08102a9ed6acad27a7e5709
Signed-off-by: pr.jung
---
 scripts/mmc-smack-label | 3 ++-
 src/block/ext4.c | 2 +-
 src/block/vfat.c | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/scripts/mmc-smack-label b/scripts/mmc-smack-label
index 45c001f..1b8b8e4 100755
--- a/scripts/mmc-smack-label
+++ b/scripts/mmc-smack-label
@@ -4,4 +4,5 @@ MOUNT_DIRECTORY=$1
 find $MOUNT_DIRECTORY -type d | xargs chsmack -a 'System::Shared' -t
 find $MOUNT_DIRECTORY -type f | xargs chsmack -a 'System::Shared'
 find $MOUNT_DIRECTORY -type f | xargs chmod -x
-find $MOUNT_DIRECTORY | xargs chown $TZ_USER_NAME:$TZ_SYS_USER_GROUP
+find $MOUNT_DIRECTORY -type d | xargs chown $TZ_USER_NAME:$TZ_SYS_USER_GROUP
+find $MOUNT_DIRECTORY -type f | xargs chown $TZ_USER_NAME:$TZ_SYS_USER_GROUP
diff --git a/src/block/ext4.c b/src/block/ext4.c
index 4c78271..5f9b628 100644
--- a/src/block/ext4.c
+++ b/src/block/ext4.c
@@ -124,7 +124,7 @@ static int ext4_mount(bool smack, const char *devpath, const char *mount_point)
 {
 	int r, retry = RETRY_COUNT;
 	struct timespec time = {0,};
-	unsigned long mountflags = 0;
+	unsigned long mountflags = MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_DIRSYNC;
 
 	do {
 		r = mount(devpath, mount_point, "ext4", mountflags, NULL);
diff --git a/src/block/vfat.c b/src/block/vfat.c
index 6032147..430ac52 100644
--- a/src/block/vfat.c
+++ b/src/block/vfat.c
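Review bot: The two new chown lines keep the `find … | xargs …` pipe, which splits its input on whitespace and honours quote characters, so a file or directory name containing a space, quote or newline — common on user-populated removable media — is either mis-split into several non-existent paths or produces a path the script never intended to hand to chown. `find "$MOUNT_DIRECTORY" -type f -exec chown "$TZ_USER_NAME:$TZ_SYS_USER_GROUP" {} +` (and the same for `-type d`) removes the intermediate parsing step, or `-print0 | xargs -0` does if xargs is kept; the three context lines above share the same weakness. `$MOUNT_DIRECTORY` is also unquoted on every line, so a mount point with a space is itself split. Note that `-type d`/`-type f` only excludes symlinks as find sees them; chown still dereferences a symlink that exists when it runs, so `chown -h` would make the "not include symlink" intent from the commit message hold at the moment of the write.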
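Review bot: The new `mountflags` initializer sets four flags, but the commit message lists only MS_NOSUID | MS_NOEXEC; MS_NODEV is also a hardening flag and belongs in the message, while MS_DIRSYNC only makes directory updates synchronous and is not a security fix, so it deserves either a separate justification or a comment such as `/* removable media: deny setuid, exec and device nodes; MS_DIRSYNC makes directory updates synchronous */`. The identical literal is repeated in vfat_mount in src/block/vfat.c (next hunk); a single named constant, e.g. `#define BLOCK_MOUNT_FLAGS (MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_DIRSYNC)` in a header both files already include, if one exists, would keep the two file systems from drifting apart. The body of ext4_mount continues past the hunk, so whether any retry or fallback path later clears these flags cannot be checked here.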
@@ -105,7 +105,7 @@ static int vfat_mount(bool smack, const char *devpath, const char *mount_point)
 	char options[NAME_MAX];
 	int r, retry = RETRY_COUNT;
 	struct timespec time = {0,};
-	unsigned long mountflags = 0;
+	unsigned long mountflags = MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_DIRSYNC;
 
 	if (smack)
 		snprintf(options, sizeof(options), "%s,%s", FS_VFAT_MOUNT_OPT, SMACKFS_MOUNT_OPT);
-- 
2.7.4