author | Martijn Coenen <maco@google.com> | 2019-01-03 16:23:01 +0100 |
---|---|---|
committer | Martijn Coenen <maco@google.com> | 2019-01-18 16:37:09 +0100 |
commit | 86f08a5190c8a36497ff3b9848ce3e6d0ba2e951 (patch) | |
tree | 25eb1abc277faf7302e48f718edbd684213562a5 /tests/DynamicCodeLoggerIntegrationTests/src/cpp/test_executable.cpp | |
parent | e9ffc741456af7823e958f9777ae5d8530e739b7 (diff) |
Prepare setresuid()/setresgid() seccomp filter in AppZygote.

The application zygote can run untrusted user code; since it also
has the capability to change the uid/gid of the process, we need
to ensure that any changes to the uid and/or gid stay within the
range that we have allocated for this application zygote.

For application zygotes, we install the app_zygote seccomp
filter instead of the regular app filter; the only difference
between this filter and the app one is that it allows
setuid/setgid calls.

To further limit this, pass down the allocated UID range to the
Zygote itself, which in turn installs an additional seccomp
filter that restricts setuid/setgid calls to this range.

The actual calls into seccomp are commented out until the seccomp
changes are merged; to avoid catastrophe, this will leave the
regular app filter for the app_zygote, which is more restrictive
and doesn't allow setuid at all.

Bug: 111434506
Test: atest CtsSeccompHostTestCases passes
Change-Id: I112419629f5ee4774ccbf77e2b1cfa5ddcf77e73
Diffstat (limited to 'tests/DynamicCodeLoggerIntegrationTests/src/cpp/test_executable.cpp')
0 files changed, 0 insertions, 0 deletions
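The kind of range restriction the commit message describes, as an added example that is not code from this commit or from AOSP: a classic-BPF seccomp program that lets setresuid()/setresgid() through only when all three IDs fall inside an allocated range, plus a small evaluator so the decisions can be checked without installing the filter. The names `ID_MIN`, `ID_MAX`, `id_filter` and `filter_action` and the range 90000-90999 are constructed for illustration; a 64-bit little-endian Linux target is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Constructed range; a real one would be passed down when the zygote starts. */
#define ID_MIN 90000u
#define ID_MAX 90999u
/* Offset of the low 32 bits of syscall argument n (little-endian assumed). */
#define ARG_LO(n) (offsetof(struct seccomp_data, args) + 8 * (n))
/* Load argument n; jump `deny` instructions ahead unless ID_MIN <= arg <= ID_MAX. */
#define CHECK_ARG(n, deny) \
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(n)), \
    BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, ID_MIN, 0, (deny)), \
    BPF_JUMP(BPF_JMP | BPF_JGT | BPF_K, ID_MAX, (deny) - 1, 0)

/* Assumed to be stacked on a base filter that already validates the architecture. */
static const struct sock_filter id_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_setresuid, 1, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_setresgid, 0, 9), /* others: allow */
    CHECK_ARG(0, 8), /* real ID */
    CHECK_ARG(1, 5), /* effective ID */
    CHECK_ARG(2, 2), /* saved ID; -1 ("leave unchanged") is out of range too */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
};

/* Evaluate id_filter in user space for syscall nr with (real, effective, saved)
 * IDs. Interprets only the opcodes used above; comparisons are unsigned, as in BPF. */
uint32_t filter_action(int nr, uint32_t r, uint32_t e, uint32_t s)
{
    struct seccomp_data d = { .nr = nr, .args = { r, e, s } };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < sizeof id_filter / sizeof id_filter[0]; pc++) {
        const struct sock_filter *i = &id_filter[pc];
        switch (i->code) {
        case BPF_LD | BPF_W | BPF_ABS: memcpy(&acc, (const char *)&d + i->k, 4); break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == i->k) ? i->jt : i->jf; break;
        case BPF_JMP | BPF_JGE | BPF_K: pc += (acc >= i->k) ? i->jt : i->jf; break;
        case BPF_JMP | BPF_JGT | BPF_K: pc += (acc > i->k) ? i->jt : i->jf; break;
        case BPF_RET | BPF_K: return i->k;
        }
    }
    return SECCOMP_RET_KILL; /* not reached for this program */
}

int main(void) { return filter_action(__NR_setresuid, 90001, 90001, 90001) != SECCOMP_RET_ALLOW; }
```

Because every argument must be in range, a process under this filter cannot move to an ID outside the allocation through any of the real, effective or saved slots.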