authorJosh Gao2017-02-01 18:35:31 -0600
committerJosh Gao2017-02-02 15:54:38 -0600
commit85bcaf68d33ac0d92df0a3aa6ce34a09b382a9e6 (patch)
tree591479d3ea1ea411d6821aa3907da6c7a6285cfa /debuggerd/crash_dump.cpp
parentfe90276aee3f778e143236c882092331a9df7c32 (diff)
crash_dump: drop capabilities after we ptrace attach.
Bug: http://b/34853272 Test: debuggerd -b `pidof system_server` Test: debuggerd -b `pidof zygote` Change-Id: Ic1e1a4b0eb1f561621800cd4cc9a5b848fc5ffd8
Diffstat (limited to 'debuggerd/crash_dump.cpp')
-rw-r--r--debuggerd/crash_dump.cpp25
1 files changed, 24 insertions, 1 deletions
diff --git a/debuggerd/crash_dump.cpp b/debuggerd/crash_dump.cpp
index 4870eeeec..ed6d3b7c0 100644
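--- a/debuggerd/crash_dump.cpp
+++ b/debuggerd/crash_dump.cpp
@@ -18,10 +18,12 @@
 #include <dirent.h>
 #include <fcntl.h>
 #include <stdlib.h>
-#include <syscall.h>
+#include <sys/capability.h>
+#include <sys/prctl.h>
 #include <sys/ptrace.h>
 #include <sys/types.h>
 #include <sys/un.h>
+#include <syscall.h>
 #include <unistd.h>
 
 #include <limits>
@@ -191,6 +193,24 @@ static void abort_handler(pid_t target, const bool& tombstoned_connected,
  _exit(1);
 }
 
+static void drop_capabilities() {
+ __user_cap_header_struct capheader;
+ memset(&capheader, 0, sizeof(capheader));
+ capheader.version = _LINUX_CAPABILITY_VERSION_3;
+ capheader.pid = 0;
+
+ __user_cap_data_struct capdata[2];
+ memset(&capdata, 0, sizeof(capdata));
+
+ if (capset(&capheader, &capdata[0]) == -1) {
+ PLOG(FATAL) << "failed to drop capabilities";
+ }
+
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) {
+ PLOG(FATAL) << "failed to set PR_SET_NO_NEW_PRIVS";
+ }
+}
+
 static void check_process(int proc_fd, pid_t expected_pid) {
  android::procinfo::ProcessInfo proc_info;
  if (!android::procinfo::GetProcessInfoFromProcPidFd(proc_fd, &proc_info)) {
@@ -338,6 +358,9 @@ int main(int argc, char** argv) {
  }
  }
 
+ // Drop our capabilities now that we've attached to the threads we care about.
+ drop_capabilities();
+
  check_process(target_proc_fd, target);
 
  // TODO: Use seccomp to lock ourselves down.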
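Review bot: drop_capabilities() (new lines 196-212) has no comment saying what it actually drops, and the scope matters to anyone auditing this privilege reduction. The zeroed `capdata` passed to `capset` with `pid = 0` clears the effective, permitted and inheritable sets of the calling thread only, and `PR_SET_NO_NEW_PRIVS` is likewise per-thread; the bounding set and the process uid/gid are not touched. I would add above the function `// Clears the effective, permitted and inheritable capability sets of the calling thread and sets no_new_privs; the bounding set and uid/gid are left as they were.` If main() can have started other threads by new line 362, the comment should also say whether they need the same treatment; main's body starts and ends outside the hunk, so that cannot be checked from here. Both failure paths go through `PLOG(FATAL)`, so a failed drop stops the process rather than continuing with capabilities held.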