crash_dump: drop capabilities after we ptrace attach. am: 85bcaf68d3 am: 49ddc037c1 am: cf32d85d15
am: 59055fb75a
Change-Id: I495e0b213512c27c302e4e3a54881c96bc27709d
diff --git a/debuggerd/crash_dump.cpp b/debuggerd/crash_dump.cpp
index 4870eee..ed6d3b7 100644
--- a/debuggerd/crash_dump.cpp
+++ b/debuggerd/crash_dump.cpp
@@ -18,10 +18,12 @@
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
-#include <syscall.h>
+#include <sys/capability.h>
+#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/un.h>
+#include <syscall.h>
#include <unistd.h>
#include <limits>
@@ -191,6 +193,24 @@
_exit(1);
}
+static void drop_capabilities() {
+ __user_cap_header_struct capheader;
+ memset(&capheader, 0, sizeof(capheader));
+ capheader.version = _LINUX_CAPABILITY_VERSION_3;
+ capheader.pid = 0;
+
+ __user_cap_data_struct capdata[2];
+ memset(&capdata, 0, sizeof(capdata));
+
+ if (capset(&capheader, &capdata[0]) == -1) {
+ PLOG(FATAL) << "failed to drop capabilities";
+ }
+
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) {
+ PLOG(FATAL) << "failed to set PR_SET_NO_NEW_PRIVS";
+ }
+}
+
static void check_process(int proc_fd, pid_t expected_pid) {
android::procinfo::ProcessInfo proc_info;
if (!android::procinfo::GetProcessInfoFromProcPidFd(proc_fd, &proc_info)) {
@@ -338,6 +358,9 @@
}
}
+ // Drop our capabilities now that we've attached to the threads we care about.
+ drop_capabilities();
+
check_process(target_proc_fd, target);
// TODO: Use seccomp to lock ourselves down.