From 95bd0062b2293bf0b8af05060e958923574933ff Mon Sep 17 00:00:00 2001
From: Marta Rybczynska <marta.rybczynska@huawei.com>
Date: Thu, 22 Jul 2021 14:04:07 +0200
Subject: [PATCH] binutils: harden installation permissions

Compilers and related utils are better restricted on production platforms.
Change permissions of all installed binutils tools to remove access from
users outside of the root group.

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
---
 meta-ohos-staging/recipes-devtools/binutils/binutils_2.37.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta-ohos-staging/recipes-devtools/binutils/binutils_2.37.bb b/meta-ohos-staging/recipes-devtools/binutils/binutils_2.37.bb
index ee9617de..e848867f 100644
--- a/meta-ohos-staging/recipes-devtools/binutils/binutils_2.37.bb
+++ b/meta-ohos-staging/recipes-devtools/binutils/binutils_2.37.bb
@@ -54,6 +54,10 @@ do_install_class-native () {
 	rmdir ${D}/${libdir}64 || :
 }
 
+do_install_append_class-target () {
+	chmod o-rx ${D}${prefix}/${TARGET_SYS}/bin/*
+}
+
 # libctf races with libbfd
 PARALLEL_MAKEINST_class-target = ""
 PARALLEL_MAKEINST_class-nativesdk = ""
-- 
GitLab