195c73c9b2c5be50ab325099dc2160215ac7562a - LeafOS-Project/android_frameworks_base

commit	195c73c9b2c5be50ab325099dc2160215ac7562a	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Apr 25 15:01:24 2014 -0700
committer	Nick Kralevich <nnk@google.com>	Tue Apr 29 15:10:58 2014 -0700
tree	d96f10bd5467d1c3788e9393a6b9f5ee367c0b2c
parent	5c220cc4e4c0584a9083529b58e30e17ab7d2d9e [diff]

Set NO_NEW_PRIVS on zygote init

When app_process/zygote starts, make sure PR_SET_NO_NEW_PRIVS is set.
This prevents zygote spawned apps from acquiring new privileges
on exec.

In particular, this allows the CTS test
android.os.cts.SecurityFeaturesTest#testNoNewPrivs() to pass if ART is set
as the default runtime.

Change-Id: I81139cda999c7b1430242561aad28f566e9b6da0

cmds/app_process/app_main.cpp[diff]

1 file changed

tree: d96f10bd5467d1c3788e9393a6b9f5ee367c0b2c