An error occurred while fetching folder content.
Select Git revision
AndroidSystemSEPolicy
-
-
- Open in your IDE
- Download source code
Jordan Crouse
authored and
Iliyan Malchev
committed
VM_IO prevents mapped memory from being peeked by ptrace(). That
kind of protection isn't really needed for nominal GPU buffers.
A process given itself up to ptrace() already expects to be
examined so there is no additional risk to let the parent examine
GPU buffers too. This is done universally now, but there is no
reason why we wouldn't let the process choose which buffers to
keep private in the future.
That said; there is more of a concern about including GPU buffers
in a core dump since that is a more permanent and less secure
record of the memory so add VM_DONTDUMP for all GPU buffers to
protect against that.
CRs-Fixed: 654751
Change-Id: Ic0dedbade91a2ec458bcb27eff3312d4ec6e4389
Signed-off-by:
Jordan Crouse <jcrouse@codeaurora.org>
Name | Last commit | Last update |
---|