Merge "zygote: don't drop CAP_SYS_PTRACE from the bounding set."

commit: 273b886c49c3b8a4b73127fcadc4303e89bfc04a [log] [tgz]
author: Josh Gao <jmgao@google.com> Wed Jan 25 21:16:57 2017 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Jan 25 21:16:58 2017 +0000
tree: 0255806f86eff271cdbdc9c5038ffc552ab892a8
parent: 500cf6720637317842f0a1b7ef0dca43f43ab4e2 [diff]
parent: 59972218f8c0d397fc50400a2b8b9be92ceeaf93 [diff]
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index a32dbad..516ab38 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp

@@ -247,6 +247,11 @@
 
 static void DropCapabilitiesBoundingSet(JNIEnv* env) {
   for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
+    // Keep CAP_SYS_PTRACE in our bounding set so crash_dump can gain it.
+    if (i == CAP_SYS_PTRACE) {
+      continue;
+    }
+
     int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
     if (rc == -1) {
       if (errno == EINVAL) {
commit	273b886c49c3b8a4b73127fcadc4303e89bfc04a	[log] [tgz]
author	Josh Gao <jmgao@google.com>	Wed Jan 25 21:16:57 2017 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Jan 25 21:16:58 2017 +0000
tree	0255806f86eff271cdbdc9c5038ffc552ab892a8
parent	500cf6720637317842f0a1b7ef0dca43f43ab4e2 [diff]
parent	59972218f8c0d397fc50400a2b8b9be92ceeaf93 [diff]