Skip to content
Snippets Groups Projects
user avatar
Nick Kralevich authored
Commit https://android.googlesource.com/kernel/common/+/f0ce0eee added
CAP_SYS_RESOURCE as a capability check which would allow access to
sensitive /proc/PID files. However, in an SELinux based world, allowing
this access causes CAP_SYS_RESOURCE to duplicate what CAP_SYS_PTRACE
(without :process ptrace) already provides.

Use CAP_SYS_PTRACE instead of CAP_SYS_RESOURCE.

Add a neverallow rule to prevent system_server from using this
capability to ptrace attach to any other process. This limits the
capability of system_server to only reading sensitive /proc files, but
not ptrace() access.

Test: Device boots, functionality remains identical, no sys_resource
denials from system_server.
Bug: 34951864
Change-Id: I04d745b436ad75ee1ebecf0a61c6891858022e34
44866954
History
Name Last commit Last update