
Commit 85bcaf68 authored by Josh Gao's avatar Josh Gao

crash_dump: drop capabilities after we ptrace attach.

Bug: http://b/34853272
Test: debuggerd -b `pidof system_server`
Test: debuggerd -b `pidof zygote`
Change-Id: Ic1e1a4b0eb1f561621800cd4cc9a5b848fc5ffd8
parent fe90276a
+24 −1
@@ -18,10 +18,12 @@
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <syscall.h>
#include <sys/capability.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/un.h>
#include <syscall.h>
#include <unistd.h>

#include <limits>
@@ -191,6 +193,24 @@ static void abort_handler(pid_t target, const bool& tombstoned_connected,
  _exit(1);
}

static void drop_capabilities() {
  __user_cap_header_struct capheader;
  memset(&capheader, 0, sizeof(capheader));
  capheader.version = _LINUX_CAPABILITY_VERSION_3;
  capheader.pid = 0;

  __user_cap_data_struct capdata[2];
  memset(&capdata, 0, sizeof(capdata));

  if (capset(&capheader, &capdata[0]) == -1) {
    PLOG(FATAL) << "failed to drop capabilities";
  }

  if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) {
    PLOG(FATAL) << "failed to set PR_SET_NO_NEW_PRIVS";
  }
}

static void check_process(int proc_fd, pid_t expected_pid) {
  android::procinfo::ProcessInfo proc_info;
  if (!android::procinfo::GetProcessInfoFromProcPidFd(proc_fd, &proc_info)) {
@@ -338,6 +358,9 @@ int main(int argc, char** argv) {
    }
  }

  // Drop our capabilities now that we've attached to the threads we care about.
  drop_capabilities();

  check_process(target_proc_fd, target);

  // TODO: Use seccomp to lock ourselves down.
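Review bot: drop_capabilities() has no comment stating its scope, and the scope matters here: `capset()` with `capheader.pid = 0` and `prctl(PR_SET_NO_NEW_PRIVS, ...)` both act on the calling thread only, so the drop covers the whole process only if main() is still single-threaded at the call site. The hunk does not show whether any thread is started before this point (main's body begins and ends outside the hunk), so that should be confirmed and then recorded above the function, e.g. `// Clears the calling thread's effective, permitted and inheritable sets and sets no_new_privs; call before any other thread exists.` The call-site comment could also say why the drop cannot happen earlier, presumably because the ptrace attach needs the capabilities.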