Merge changes from topic 'am-295882f6444845b0a2bcae920cb1f84d' into nyc-mr2-dev-plus-aosp
* changes:
Switch android.os.Debug to libdebuggerd_client. am: 3ce369601e am: 18e852e9aa am: e84a027259
app_process: don't use PR_SET_NO_NEW_PRIVS. am: 92517e4c03 am: b6025a2be1 am: f442f1bd66
Remove peercred check from NativeCrashListener. am: b9eb093c3c am: 9e5ef0e5d7 am: 3fa69351b8
diff --git a/cmds/app_process/app_main.cpp b/cmds/app_process/app_main.cpp
index d5580ac..0ea141c 100644
--- a/cmds/app_process/app_main.cpp
+++ b/cmds/app_process/app_main.cpp
@@ -184,10 +184,6 @@
int main(int argc, char* const argv[])
{
- if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
- LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));
- }
-
if (!LOG_NDEBUG) {
String8 argv_String;
for (int i = 0; i < argc; ++i) {
diff --git a/core/jni/Android.mk b/core/jni/Android.mk
index e01aa16..29b01fb 100644
--- a/core/jni/Android.mk
+++ b/core/jni/Android.mk
@@ -224,6 +224,7 @@
libnativehelper \
liblog \
libcutils \
+ libdebuggerd_client \
libutils \
libbinder \
libnetutils \
diff --git a/core/jni/android_os_Debug.cpp b/core/jni/android_os_Debug.cpp
index d8fbca8..cbe2bba 100644
--- a/core/jni/android_os_Debug.cpp
+++ b/core/jni/android_os_Debug.cpp
@@ -33,7 +33,7 @@
#include <string>
#include <android-base/stringprintf.h>
-#include <cutils/debugger.h>
+#include <debuggerd/client.h>
#include <log/log.h>
#include <utils/misc.h>
#include <utils/String8.h>
diff --git a/services/core/java/com/android/server/am/NativeCrashListener.java b/services/core/java/com/android/server/am/NativeCrashListener.java
index e2870d8..9348023 100644
--- a/services/core/java/com/android/server/am/NativeCrashListener.java
+++ b/services/core/java/com/android/server/am/NativeCrashListener.java
@@ -20,7 +20,6 @@
import android.system.ErrnoException;
import android.system.Os;
import android.system.StructTimeval;
-import android.system.StructUcred;
import android.system.UnixSocketAddress;
import android.util.Slog;
@@ -105,9 +104,9 @@
if (DEBUG) Slog.i(TAG, "Starting up");
- // The file system entity for this socket is created with 0700 perms, owned
- // by system:system. debuggerd runs as root, so is capable of connecting to
- // it, but 3rd party apps cannot.
+ // The file system entity for this socket is created with 0777 perms, owned
+ // by system:system. selinux restricts things so that only crash_dump can
+ // access it.
{
File socketFile = new File(DEBUGGERD_SOCKET_PATH);
if (socketFile.exists()) {
@@ -121,6 +120,7 @@
DEBUGGERD_SOCKET_PATH);
Os.bind(serverFd, sockAddr);
Os.listen(serverFd, 1);
+ Os.chmod(DEBUGGERD_SOCKET_PATH, 0777);
while (true) {
FileDescriptor peerFd = null;
@@ -129,19 +129,14 @@
peerFd = Os.accept(serverFd, null /* peerAddress */);
if (MORE_DEBUG) Slog.v(TAG, "Got debuggerd socket " + peerFd);
if (peerFd != null) {
- // Only the superuser is allowed to talk to us over this socket
- StructUcred credentials =
- Os.getsockoptUcred(peerFd, SOL_SOCKET, SO_PEERCRED);
- if (credentials.uid == 0) {
- // the reporting thread may take responsibility for
- // acking the debugger; make sure we play along.
- consumeNativeCrashData(peerFd);
- }
+ // the reporting thread may take responsibility for
+ // acking the debugger; make sure we play along.
+ consumeNativeCrashData(peerFd);
}
} catch (Exception e) {
Slog.w(TAG, "Error handling connection", e);
} finally {
- // Always ack debuggerd's connection to us. The actual
+ // Always ack crash_dump's connection to us. The actual
// byte written is irrelevant.
if (peerFd != null) {
try {
@@ -194,7 +189,7 @@
return totalRead;
}
- // Read the crash report from the debuggerd connection
+ // Read a crash report from the connection
void consumeNativeCrashData(FileDescriptor fd) {
if (MORE_DEBUG) Slog.i(TAG, "debuggerd connected");
final byte[] buf = new byte[4096];
@@ -205,6 +200,10 @@
Os.setsockoptTimeval(fd, SOL_SOCKET, SO_RCVTIMEO, timeout);
Os.setsockoptTimeval(fd, SOL_SOCKET, SO_SNDTIMEO, timeout);
+ // The socket is guarded by an selinux neverallow rule that only
+ // permits crash_dump to connect to it. This allows us to trust the
+ // received values.
+
// first, the pid and signal number
int headerBytes = readExactly(fd, buf, 0, 8);
if (headerBytes != 8) {