Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 36397cb1 authored by Josh Gao's avatar Josh Gao
Browse files

Give crash_dump CAP_SYS_PTRACE. 

CAP_SYS_PTRACE is needed to ptrace processes that have capabilities
greater than their bounding set. Eventually, this will still be an
improvement, because we can ptrace attach, and then turn on a seccomp
filter that blocks further attaches.

Bug: http://b/34694637
Test: debuggerd `pidof system_server`
Change-Id: I4b9da164ec1fbb5060fdba590e886ac24b6a0785
parent 7e14d020

libcutils/fs_config.c

+5 −2
Original line number Diff line number Diff line
@@ -177,8 +177,11 @@ static const struct fs_path_config android_files[] = { 
                                           CAP_MASK_LONG(CAP_SETPCAP),

                                              "system/bin/webview_zygote64" },



    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/crash_dump32" },

    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/crash_dump64" },

    { 00755, AID_ROOT,      AID_SHELL,     CAP_MASK_LONG(CAP_SYS_PTRACE),

                                              "system/bin/crash_dump32" },

    { 00755, AID_ROOT,      AID_SHELL,     CAP_MASK_LONG(CAP_SYS_PTRACE),

                                              "system/bin/crash_dump64" },



    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/debuggerd" },

    { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/uncrypt" },

    { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/install-recovery.sh" },