From 6a70ded7bfa8914aaa3dc25630ff2713ae893f80 Mon Sep 17 00:00:00 2001
From: Mark Salyzyn
Date: Fri, 28 Oct 2016 14:49:53 -0700
Subject: logd: clear DUMPABLE
Do not allow anyone to see logd memory.
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 32450474
Change-Id: Ic7377efcb7e1d3cd91b50741061037a0fb589045
---
logd/main.cpp | 5 +++++
1 file changed, 5 insertions(+)
(limited to 'logd/main.cpp')
diff --git a/logd/main.cpp b/logd/main.cpp
index 0cb26dcb1a..1ac1415eda 100644
--- a/logd/main.cpp
+++ b/logd/main.cpp
@@ -106,6 +106,11 @@ static int drop_privs() {
 return -1;
 }
+ if (prctl(PR_SET_DUMPABLE, 0) < 0) {
+ android::prdebug("failed to clear PR_SET_DUMPABLE");
+ return -1;
+ }
+
 gid_t groups[] = { AID_READPROC };
 ScopedMinijail j(minijail_new());
 minijail_set_supplementary_gids(j.get(), arraysize(groups), groups);
--
cgit v1.2.3
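Review bot: The added `prctl(PR_SET_DUMPABLE, 0)` runs before the minijail setup that follows it in `drop_privs()`, and the kernel resets the dumpable attribute to the value of `/proc/sys/fs/suid_dumpable` whenever the effective or filesystem UID/GID changes, so the flag only stays cleared if that sysctl is 0 on the device. The rest of the function is outside the hunk, so that a credential change follows is inferred from the `ScopedMinijail` lines. If it does, I would move or repeat the call after the jail is entered, or confirm the final state with `prctl(PR_GET_DUMPABLE)` before returning. A short comment above the call would also help, for example `// Non-dumpable: no core dumps, and ptrace attach then requires CAP_SYS_PTRACE`, since the commit message's "anyone" does not cover privileged processes.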