am ab583454: am 1866e5dc: am af40649e: Merge "Set NO_NEW_PRIVS on zygote init"

* commit 'ab5834545da906f1a150672ead825c28a2e1f82a': Set NO_NEW_PRIVS on zygote init
2014-04-29 22:34:54 +00:00
parent 15c32f2699 ab5834545d
commit d37ae7c13d
1 changed files with 10 additions and 0 deletions
--- a/cmds/app_process/app_main.cpp
+++ b/cmds/app_process/app_main.cpp
@@ -19,6 +19,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <unistd.h>
+#include <sys/prctl.h>

 namespace android {

@@ -146,6 +147,15 @@ static const char ZYGOTE_NICE_NAME[] = "zygote";

 int main(int argc, char* const argv[])
 {
+    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
+        // Older kernels don't understand PR_SET_NO_NEW_PRIVS and return
+        // EINVAL. Don't die on such kernels.
+        if (errno != EINVAL) {
+            LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));
+            return 12;
+        }
+    }
+
    AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv));
    // Process command line arguments
    // ignore argv[0]