author | Josh Gao | 2017-02-01 18:35:31 -0600 |
---|---|---|
committer | Josh Gao | 2017-02-02 15:54:38 -0600 |
commit | 85bcaf68d33ac0d92df0a3aa6ce34a09b382a9e6 (patch) | |
tree | 591479d3ea1ea411d6821aa3907da6c7a6285cfa /debuggerd/crash_dump.cpp | |
parent | fe90276aee3f778e143236c882092331a9df7c32 (diff) | |
crash_dump: drop capabilities after we ptrace attach.
Bug: http://b/34853272
Test: debuggerd -b `pidof system_server`
Test: debuggerd -b `pidof zygote`
Change-Id: Ic1e1a4b0eb1f561621800cd4cc9a5b848fc5ffd8
Diffstat (limited to 'debuggerd/crash_dump.cpp')
-rw-r--r-- | debuggerd/crash_dump.cpp | 25 |
1 files changed, 24 insertions, 1 deletions
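diff --git a/debuggerd/crash_dump.cpp b/debuggerd/crash_dump.cpp
index 4870eeeec..ed6d3b7c0 100644
--- a/debuggerd/crash_dump.cpp
+++ b/debuggerd/crash_dump.cpp
@@ -18,10 +18,12 @@
 #include <dirent.h>
 #include <fcntl.h>
 #include <stdlib.h>
-#include <syscall.h>
+#include <sys/capability.h>
+#include <sys/prctl.h>
 #include <sys/ptrace.h>
 #include <sys/types.h>
 #include <sys/un.h>
+#include <syscall.h>
 #include <unistd.h>
 
 #include <limits>
@@ -191,6 +193,24 @@ static void abort_handler(pid_t target, const bool& tombstoned_connected,
 _exit(1);
 }
 
+static void drop_capabilities() {
+__user_cap_header_struct capheader;
+memset(&capheader, 0, sizeof(capheader));
+capheader.version = _LINUX_CAPABILITY_VERSION_3;
+capheader.pid = 0;
+
+__user_cap_data_struct capdata[2];
+memset(&capdata, 0, sizeof(capdata));
+
+if (capset(&capheader, &capdata[0]) == -1) {
+PLOG(FATAL) << "failed to drop capabilities";
+}
+
+if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) {
+PLOG(FATAL) << "failed to set PR_SET_NO_NEW_PRIVS";
+}
+}
+
 static void check_process(int proc_fd, pid_t expected_pid) {
 android::procinfo::ProcessInfo proc_info;
 if (!android::procinfo::GetProcessInfoFromProcPidFd(proc_fd, &proc_info)) {
@@ -338,6 +358,9 @@ int main(int argc, char** argv) {
 }
 }
 
+// Drop our capabilities now that we've attached to the threads we care about.
+drop_capabilities();
+
 check_process(target_proc_fd, target);
 
 // TODO: Use seccomp to lock ourselves down.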
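Review bot: drop_capabilities() (new lines 196-212) has no comment saying what it leaves in place, and the call in main() at new line 362 depends on an ordering that a later edit could easily break. The capset() call with zeroed data clears the effective, permitted and inheritable sets, and PR_SET_NO_NEW_PRIVS keeps a later execve from regaining them. The uid/gids, already-open descriptors and existing ptrace attachments are untouched, so any later step that needs a capability for a new attach or open would presumably fail with a permission error far from this call. I would add above the function `// Clears all capability sets and sets no_new_privs. Call only after every ptrace attach and privileged open is done; uid/gid and open fds are unchanged.` main() starts and ends outside the last hunk, so whether the remaining steps rely only on already-open handles cannot be confirmed from here.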