From ab439253091d1f23d60a1a5c3ff0f96b00833fc5 Mon Sep 17 00:00:00 2001 From: Jeferson Oliveira Date: Wed, 16 Aug 2023 19:36:59 +0200 Subject: [PATCH] sapphire: rootdir: Restrict apps access to /proc/net/unix * Banking apps read the file /proc/net/unix to check system modifications, (in our case, custom rom) Let's avoid this by chmod it 440. Test: Install a banking app as of Brazilian Nubank or PicPay, login. Observed no side effects on any other process or apps Change-Id: I12a356b7fe827ee005848108e2075534c7ec91bc Signed-off-by: chrisl7 --- rootdir/etc/init.xiaomi.rc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rootdir/etc/init.xiaomi.rc b/rootdir/etc/init.xiaomi.rc index b37d30c..6a3fd14 100644 --- a/rootdir/etc/init.xiaomi.rc +++ b/rootdir/etc/init.xiaomi.rc @@ -59,6 +59,10 @@ on boot start nfc_hal_service +on property:sys.boot_completed=1 + # Only owner can acces this node + chmod 440 /proc/net/unix + service stflashtool /vendor/bin/STFlashTool class late_start group nfc
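Review bot: In the added `on property:sys.boot_completed=1` block, the comment says "Only owner can acces this node", but `chmod 440` gives read access to the owning group as well as the owner. Either use mode 400 or reword the comment to say owner and group read only, and fix the "acces" typo while there. The comment should also say why the node is restricted, since the reason (apps reading /proc/net/unix) is recorded only in the commit message and will not be visible to someone reading init.xiaomi.rc later. Because the trigger is `sys.boot_completed=1`, the file keeps its default mode until boot has finished, so anything that runs earlier still sees it; if that window matters, say so or pick an earlier trigger. The test line covers login in two apps only, and any process outside the owner and group that reads this file will now get a permission error, so it would help to list what else was checked. Lastly, the new block is inserted between `start nfc_hal_service` and the `service stflashtool` definition, both NFC-related; moving it next to the other non-NFC triggers would keep the file easier to follow.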