Revert "ANDROID: proc: smaps: Allow smaps access for CAP_SYS_RESOURCE"
This reverts commit ff8b80819cf4d76ff7fdfeb85d35f28f916105bd.
This fixes CVE-2017-0710.
SELinux allows more fine grained control: We grant processes that need
access to smaps CAP_SYS_PTRACE but prohibit them from using ptrace
attach().
Bug: 34951864
Bug: 36468447
Change-Id: I00a513188245a30bc63dcbdafbb9746bc6d9d6ff
Signed-off-by: Daniel Mentz <danielmentz@google.com>
diff --git a/kernel/fork.c b/kernel/fork.c
index 53c9a6a..59faac4 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1010,8 +1010,7 @@
mm = get_task_mm(task);
if (mm && mm != current->mm &&
- !ptrace_may_access(task, mode) &&
- !capable(CAP_SYS_RESOURCE)) {
+ !ptrace_may_access(task, mode)) {
mmput(mm);
mm = ERR_PTR(-EACCES);
}