From 78f6f8b59d0de3409f56c4957aa2b5f7dd2291b3 Mon Sep 17 00:00:00 2001
From: Avichal Rakesh <arakesh@google.com>
Date: Mon, 12 Jun 2023 15:48:47 -0700
Subject: [PATCH] usb.rc: Remove write permissions from uvc specific files

Files created by the uvc driver gives write permissions to 'other' by
default. This permission is not needed at runtime. To minimize write
privileges, this CL removes other-write permission from all uvc config
files that had it.

Bug: 242344229
Test: Manually verified that no files have other-write permissions
Change-Id: I27611d0ba4ecf2851aef6ea8bd613284744142fb
---
 conf/init.gs201.usb.rc | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/conf/init.gs201.usb.rc b/conf/init.gs201.usb.rc
index 78356dfd..79626ee4 100644
--- a/conf/init.gs201.usb.rc
+++ b/conf/init.gs201.usb.rc
@@ -109,6 +109,31 @@ on early-boot
     symlink /config/usb_gadget/g1/functions/uvc.0/streaming/header/h /config/usb_gadget/g1/functions/uvc.0/streaming/class/fs/h
     symlink /config/usb_gadget/g1/functions/uvc.0/streaming/header/h /config/usb_gadget/g1/functions/uvc.0/streaming/class/hs/h
     symlink /config/usb_gadget/g1/functions/uvc.0/streaming/header/h /config/usb_gadget/g1/functions/uvc.0/streaming/class/ss/h
+    # remove write permissions for 'others'
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/control/header/h/bcdUVC
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/control/header/h/dwClockFrequency
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/function_name
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming_interval
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming_maxburst
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming_maxpacket
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/bmCapabilities
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/dwDefaultFrameInterval
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/dwFrameInterval
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/dwMaxBitRate
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/dwMaxVideoFrameBufferSize
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/dwMinBitRate
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/wHeight
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/1080p/wWidth
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/bmCapabilities
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/dwDefaultFrameInterval
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/dwFrameInterval
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/dwMaxBitRate
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/dwMaxVideoFrameBufferSize
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/dwMinBitRate
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/wHeight
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/720p/wWidth
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/bDefaultFrameIndex
+    chmod 664 /config/usb_gadget/g1/functions/uvc.0/streaming/mjpeg/m/bmaControls
 
 
     # chown file/folder permission