Merge "zygote: don't drop CAP_SYS_PTRACE from the bounding set." am: 273b886c49 am: e801810553

am: a07e5312cc

Change-Id: I9165a6dc33058ec4f7bd8a6c6f4426af405bda19

core/jni/com_android_internal_os_Zygote.cpp

@@ -247,6 +247,11 @@ static void EnableKeepCapabilities(JNIEnv* env) {
 
 static void DropCapabilitiesBoundingSet(JNIEnv* env) {
   for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
+    // Keep CAP_SYS_PTRACE in our bounding set so crash_dump can gain it.
+    if (i == CAP_SYS_PTRACE) {
+      continue;
+    }
+
     int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
     if (rc == -1) {
       if (errno == EINVAL) {