From 57f1b89db663bc492618970b06c09838b7b813c1 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 16 Jul 2014 18:42:36 -0700
Subject: [PATCH] lmkd: avoid locking libsigchain into memory

https://android-review.googlesource.com/94851 added an LD_PRELOAD
line to init.environ.rc.in. This has the effect of loading
libsigchain.so into every process' memory space, regardless of
whether it wants it or not.

lmkd doesn't need libsigchain, so there is no reason to load it and
keep it locked in memory.

Disable noatsecure for lmkd. This sets AT_SECURE=1, which instructs the
linker to not honor security sensitive environment variables such
as LD_PRELOAD. This prevents libsigchain.so from being loaded into
lmkd's memory.

(cherry picked from commit 8a5b28d259b0b0867979075677cddaa4ba7cf615)

Change-Id: I39baaf62058986d35ad43de708aaa3daf93b2df4
---
 init.te | 4 ++--
 lmkd.te | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/init.te b/init.te
index abd069099..361fb8766 100644
--- a/init.te
+++ b/init.te
@@ -71,9 +71,9 @@ domain_trans(init, rootfs, watchdogd)
 
 # Certain domains need LD_PRELOAD passed from init.
 # https://android-review.googlesource.com/94851
-# For now, allow it to all domains.
+# For now, allow it to most domains.
 # TODO: scope this down.
-allow init domain:process noatsecure;
+allow init { domain -lmkd }:process noatsecure;
 
 # Support "adb shell stop"
 allow init domain:process sigkill;
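Review bot: The `-lmkd` carve-out on `allow init { domain -lmkd }:process noatsecure;` is not explained where it appears, and the assertion that keeps it in place lives in lmkd.te, so a reader of init.te cannot see that the two must stay in sync. Suggest extending the comment block above the rule with `# lmkd is excluded so init's transition into it sets AT_SECURE=1 and the linker ignores LD_PRELOAD; asserted by the neverallow in lmkd.te.`. The set-subtraction form also means each further domain that must not honour LD_PRELOAD needs both an exclusion here and its own neverallow, which is presumably the work the existing TODO on the next line refers to.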
diff --git a/lmkd.te b/lmkd.te
index 771c7805e..df8208f71 100644
--- a/lmkd.te
+++ b/lmkd.te
@@ -30,3 +30,8 @@ allow lmkd cgroup:dir { remove_name rmdir };
 
 # Set self to SCHED_FIFO
 allow lmkd self:capability sys_nice;
+
+### neverallow rules
+
+# never honor LD_PRELOAD
+neverallow domain lmkd:process noatsecure;
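Review bot: The comment `# never honor LD_PRELOAD` above `neverallow domain lmkd:process noatsecure;` states the goal but not the mechanism: a neverallow is a policy-compile-time assertion, not a runtime deny, so the protection actually comes from no allow rule granting noatsecure and the resulting AT_SECURE=1 on the transition into lmkd. Suggest `# Assert no domain may grant noatsecure on lmkd: without it the transition into lmkd sets AT_SECURE=1 and the linker ignores LD_PRELOAD and other security-sensitive env vars.`. Using `domain` as the source rather than only `init` is a good choice, since it would also catch a future rule granting the permission from some other domain.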
-- 
GitLab