From e64594315b8e82fb4fe07245f33766003b6ad406 Mon Sep 17 00:00:00 2001
From: Victor Hsieh
Date: Thu, 10 May 2018 12:16:22 -0700
Subject: [PATCH] When suid_dumpable == 2, set dumpable to 0 for apps

Core dumps for zygote children are expected to be disabled in CTS, but on system like Chrome OS, suid_dumpable is 2, thus not compliant with CTS. This patch sets dumpable to 0 for apps when suid_dumpable is 2.
Test: atest \
android.permission.cts.FileSystemPermissionTest#testAllBlockDevicesAreSecure \
android.os.cts.SecurityFeaturesTest#testPrctlDumpable \
android.seccomp.cts.SeccompHostJUnit4DeviceTest#testCTSSyscallBlocked
Bug: 62379607
Bug: 79094505
Change-Id: Ida43b16590dca1e85a0f9549c779e38c00bc6a0c
---
 core/jni/com_android_internal_os_Zygote.cpp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index e5281ff9b6247..8d6a2800a45d3 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -704,6 +704,26 @@ static pid_t ForkAndSpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArra
 fail_fn(CREATE_ERROR("setresuid(%d) failed: %s", uid, strerror(errno)));
 }
+ // The "dumpable" flag of a process, which controls core dump generation, is
+ // overwritten by the value in /proc/sys/fs/suid_dumpable when the effective
+ // user or group ID changes. See proc(5) for possible values. In most cases,
+ // the value is 0, so core dumps are disabled for zygote children. However,
+ // when running in a Chrome OS container, the value is already set to 2,
+ // which allows the external crash reporter to collect all core dumps. Since
+ // only system crashes are interested, core dump is disabled for app
+ // processes. This also ensures compliance with CTS.
+ int dumpable = prctl(PR_GET_DUMPABLE);
+ if (dumpable == -1) {
+ ALOGE("prctl(PR_GET_DUMPABLE) failed: %s", strerror(errno));
+ RuntimeAbort(env, __LINE__, "prctl(PR_GET_DUMPABLE) failed");
+ }
+ if (dumpable == 2 && uid >= AID_APP) {
+ if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1) {
+ ALOGE("prctl(PR_SET_DUMPABLE, 0) failed: %s", strerror(errno));
+ RuntimeAbort(env, __LINE__, "prctl(PR_SET_DUMPABLE, 0) failed");
+ }
+ }
+
 if (NeedsNoRandomizeWorkaround()) {
 // Work around ARM kernel ASLR lossage (http://b/5817320).
 int old_personality = personality(0xffffffff);