Revert "ANDROID: proc: smaps: Allow smaps access for CAP_SYS_RESOURCE" This reverts commit ff8b80819cf4d76ff7fdfeb85d35f28f916105bd. This fixes CVE-2017-0710. SELinux allows more fine grained control: We grant processes that need access to smaps CAP_SYS_PTRACE but prohibit them from using ptrace attach(). Bug: 34951864 Bug: 36468447 Change-Id: I00a513188245a30bc63dcbdafbb9746bc6d9d6ff Signed-off-by: Daniel Mentz <danielmentz@google.com>

commit: 5b07c2d25292a742cda5ebb0b67248a19279b9e6 [log] [tgz]
author: Daniel Mentz <danielmentz@google.com> Thu Jul 06 18:13:08 2017 -0700
committer: Daniel Mentz <danielmentz@google.com> Fri Jul 21 11:10:17 2017 -0700
tree: d1ee1bfe4c2089089e2fa825e30a4aaed9878456
parent: 14accea70e449e15fb474c077658600e5f79f635 [diff] [blame]
diff --git a/kernel/fork.c b/kernel/fork.c
index 53c9a6a..59faac4 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c

@@ -1010,8 +1010,7 @@
 
 	mm = get_task_mm(task);
 	if (mm && mm != current->mm &&
-			!ptrace_may_access(task, mode) &&
-			!capable(CAP_SYS_RESOURCE)) {
+			!ptrace_may_access(task, mode)) {
 		mmput(mm);
 		mm = ERR_PTR(-EACCES);
 	}
commit	5b07c2d25292a742cda5ebb0b67248a19279b9e6	[log] [tgz]
author	Daniel Mentz <danielmentz@google.com>	Thu Jul 06 18:13:08 2017 -0700
committer	Daniel Mentz <danielmentz@google.com>	Fri Jul 21 11:10:17 2017 -0700
tree	d1ee1bfe4c2089089e2fa825e30a4aaed9878456
parent	14accea70e449e15fb474c077658600e5f79f635 [diff] [blame]