From 6702256e0c07560baa89c043e24e87a0a84a8b73 Mon Sep 17 00:00:00 2001 From: Christopher Ferris Date: Fri, 16 Apr 2021 13:30:32 -0700 Subject: [PATCH] Allow another prctl call. A change was made so that pthread_create is calling prctl(PR_PAC_RESET_KEYS, ...) on aarch64. It's possible that other seccomp policies might need to change to allow this. Test: CrasherTest.seccomp_backtrace passes on aarch64. Change-Id: I9c4d1b3dca5f19a6285bf904bb942f1f52e42bd0 --- debuggerd/debuggerd_test.cpp | 2 +- debuggerd/seccomp_policy/crash_dump.arm64.policy | 2 +- debuggerd/seccomp_policy/crash_dump.policy.def | 5 +++++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp index 144faeec0..93725b914 100644 --- a/debuggerd/debuggerd_test.cpp +++ b/debuggerd/debuggerd_test.cpp @@ -274,7 +274,7 @@ void CrasherTest::AssertDeath(int signo) { } if (signo == 0) { - ASSERT_TRUE(WIFEXITED(status)); + ASSERT_TRUE(WIFEXITED(status)) << "Terminated due to unexpected signal " << WTERMSIG(status); ASSERT_EQ(0, WEXITSTATUS(signo)); } else { ASSERT_FALSE(WIFEXITED(status)); diff --git a/debuggerd/seccomp_policy/crash_dump.arm64.policy b/debuggerd/seccomp_policy/crash_dump.arm64.policy index 1585cc6ee..21887abe0 100644 --- a/debuggerd/seccomp_policy/crash_dump.arm64.policy +++ b/debuggerd/seccomp_policy/crash_dump.arm64.policy @@ -24,7 +24,7 @@ tgkill: 1 rt_sigprocmask: 1 rt_sigaction: 1 rt_tgsigqueueinfo: 1 -prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == 0x53564d41 +prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == 0x53564d41 || arg0 == PR_PAC_RESET_KEYS madvise: 1 mprotect: arg2 in 0x1|0x2 munmap: 1 diff --git a/debuggerd/seccomp_policy/crash_dump.policy.def b/debuggerd/seccomp_policy/crash_dump.policy.def index cd5aad4cd..90843fcba 100644 --- a/debuggerd/seccomp_policy/crash_dump.policy.def +++ b/debuggerd/seccomp_policy/crash_dump.policy.def 
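Review bot: In the debuggerd_test.cpp hunk, `ASSERT_EQ(0, WEXITSTATUS(signo));` on the line after the changed assertion passes `signo` instead of `status`. In this branch `signo` is 0, so the check presumably always passes and a non-zero exit from the crasher process (for example under the seccomp test named in the commit message) would go unnoticed. It should read `ASSERT_EQ(0, WEXITSTATUS(status));`. The new failure message prints `WTERMSIG(status)`, which is only meaningful when `WIFSIGNALED(status)` is true, so it could report a misleading number for a stopped child. The body of `AssertDeath` begins and continues outside the hunk.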
@@ -34,7 +34,12 @@ rt_sigaction: 1 rt_tgsigqueueinfo: 1 #define PR_SET_VMA 0x53564d41 +#if defined(__aarch64__) +// PR_PAC_RESET_KEYS happens on aarch64 in pthread_create path. +prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == PR_SET_VMA || arg0 == PR_PAC_RESET_KEYS +#else prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == PR_SET_VMA +#endif #if 0 libminijail on vendor partitions older than P does not have constants from .
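Review bot: The new aarch64 rule names `PR_PAC_RESET_KEYS` symbolically, whereas `PR_SET_VMA` is defined by value on the line just above and reaches crash_dump.arm64.policy as `0x53564d41`. The `#if 0` note below already records that older libminijail builds lack some constants, so if the parser loading this policy does not know `PR_PAC_RESET_KEYS`, the filter would presumably fail to compile. Consider adding `#define PR_PAC_RESET_KEYS 54` (the value in linux/prctl.h) next to the `PR_SET_VMA` define; the crash_dump.arm64.policy hunk, which appears to mirror this file, would then carry the number too. The rule also matches on `arg0` only, so any key mask in `arg1` is accepted; pin it if the callers' value is known. The `#if 0` block continues outside the hunk.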