diff options
| author | Nick Kralevich <nnk@google.com> | 2014-04-29 22:24:32 +0000 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2014-04-29 22:24:32 +0000 |
| commit | 1866e5dc8bb04b58a67e54f66cb4ec22e878667d (patch) | |
| tree | eced325cc0e5f124ef72eaeb8dd11b840fe2256f /cmds | |
| parent | c23f5651fd40eca1b751376c369fd9f3c9deb64e (diff) | |
| parent | af40649e4ad506e312b53518cd2b9f2b58dee3ba (diff) | |
| download | frameworks_base-1866e5dc8bb04b58a67e54f66cb4ec22e878667d.zip frameworks_base-1866e5dc8bb04b58a67e54f66cb4ec22e878667d.tar.gz frameworks_base-1866e5dc8bb04b58a67e54f66cb4ec22e878667d.tar.bz2 | |
am af40649e: Merge "Set NO_NEW_PRIVS on zygote init"
* commit 'af40649e4ad506e312b53518cd2b9f2b58dee3ba':
Set NO_NEW_PRIVS on zygote init
Diffstat (limited to 'cmds')
| -rw-r--r-- | cmds/app_process/app_main.cpp | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/cmds/app_process/app_main.cpp b/cmds/app_process/app_main.cpp index 3481437..82d13a6 100644 --- a/cmds/app_process/app_main.cpp +++ b/cmds/app_process/app_main.cpp @@ -19,6 +19,7 @@ #include <stdlib.h> #include <stdio.h> #include <unistd.h> +#include <sys/prctl.h> namespace android { @@ -146,6 +147,15 @@ static const char ZYGOTE_NICE_NAME[] = "zygote"; int main(int argc, char* const argv[]) { + if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) { + // Older kernels don't understand PR_SET_NO_NEW_PRIVS and return + // EINVAL. Don't die on such kernels. + if (errno != EINVAL) { + LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno)); + return 12; + } + } + AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv)); // Process command line arguments // ignore argv[0] |