From 98f9031aa858937da3aa4fac821b91ba093258f3 Mon Sep 17 00:00:00 2001
From: Avichal Rakesh <arakesh@google.com>
Date: Wed, 17 May 2023 18:41:46 -0700
Subject: [PATCH] usb.rc: Remove write permissions from uvc specific files

Files created by the uvc driver gives write permissions to 'other' by
default. This permission is not needed at runtime. To minimize write
privileges, this CL removes other's write permission from all uvc config
files that had it.

Bug: 242344229
Test: Manually verified that no files have other-write permissions
Change-Id: I67d504fa924f90f3a54dab5264ab1609050f5dd5
---
 conf/init.gs101.usb.rc | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/conf/init.gs101.usb.rc b/conf/init.gs101.usb.rc
index 110d1b7b..a5207b3b 100644
--- a/conf/init.gs101.usb.rc
+++ b/conf/init.gs101.usb.rc
@@ -109,6 +109,31 @@ on early-boot
     symlink /config/usb_gadget/g1/functions/uvc.0/streaming/header/h /config/usb_gadget/g1/functions/uvc.0/streaming/class/fs/h
     symlink /config/usb_gadget/g1/functions/uvc.0/streaming/header/h /config/usb_gadget/g1/functions/uvc.0/streaming/class/hs/h
     symlink /config/usb_gadget/g1/functions/uvc.0/streaming/header/h /config/usb_gadget/g1/functions/uvc.0/streaming/class/ss/h
+    # remove write permissions for 'others'
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/control/header/h/bcdUVC
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/control/header/h/dwClockFrequency
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/function_name
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming_interval
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming_maxburst
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming_maxpacket
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/bmCapabilities
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/dwDefaultFrameInterval
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/dwFrameInterval
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/dwMaxBitRate
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/dwMaxVideoFrameBufferSize
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/dwMinBitRate
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/wHeight
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/wWidth
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/bmCapabilities
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/dwDefaultFrameInterval
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/dwFrameInterval
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/dwMaxBitRate
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/dwMaxVideoFrameBufferSize
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/dwMinBitRate
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/wHeight
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/wWidth
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/bDefaultFrameIndex
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/bmaControls
 
     # chown file/folder permission
     chown system system /config/usb_gadget/