Revert "zygote: don't drop CAP_SYS_PTRACE from the bounding set." am: 0a2d61505a am: c75e4153cf am: dc3f66c3be

am: 83a2e94983 Change-Id: I72de1024758be2575ecde3654df7d34337d94a64
author: Josh Gao <jmgao@google.com> 2017-02-06 19:06:28 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-02-06 19:06:28 +0000
commit: a39b08e9f037f0a89c41d222fbb1e3ad76358df9 (patch)
tree: 09db5d3858cbffad42f0ebfab4cb07758409924d
parent: cec9d8cee73aca31d255d44a50bcf0409cb43cc2 (diff)
parent: 83a2e94983a03c0d72cf0974a2847aecc98d56d5 (diff)
1 files changed, 0 insertions, 5 deletions
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index 5c65241e563e..070a2d96cd40 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -247,11 +247,6 @@ static void EnableKeepCapabilities(JNIEnv* env) {
 
 static void DropCapabilitiesBoundingSet(JNIEnv* env) {
   for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
-    // Keep CAP_SYS_PTRACE in our bounding set so crash_dump can gain it.
-    if (i == CAP_SYS_PTRACE) {
-      continue;
-    }
-
     int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
     if (rc == -1) {
       if (errno == EINVAL) {
author	Josh Gao <jmgao@google.com>	2017-02-06 19:06:28 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-02-06 19:06:28 +0000
commit	a39b08e9f037f0a89c41d222fbb1e3ad76358df9 (patch)
tree	09db5d3858cbffad42f0ebfab4cb07758409924d
parent	cec9d8cee73aca31d255d44a50bcf0409cb43cc2 (diff)
parent	83a2e94983a03c0d72cf0974a2847aecc98d56d5 (diff)