Revert "ANDROID: proc: smaps: Allow smaps access for CAP_SYS_RESOURCE"

This reverts commit ff8b80819cf4d76ff7fdfeb85d35f28f916105bd. This fixes CVE-2017-0710. SELinux allows more fine grained control: We grant processes that need access to smaps CAP_SYS_PTRACE but prohibit them from using ptrace attach(). Bug: 34951864 Bug: 36468447 Change-Id: I00a513188245a30bc63dcbdafbb9746bc6d9d6ff Signed-off-by: Daniel Mentz <danielmentz@google.com>
author: Daniel Mentz <danielmentz@google.com> 2017-07-06 18:13:08 -0700
committer: Amit Pundir <amit.pundir@linaro.org> 2017-08-23 18:53:22 +0530
commit: 04233a18865f542cad26eff9a1790df94c491e59 (patch)
tree: 913d1c349465a47b683ec78b2ab0cfdf9e2e26c8
parent: 8160d0f1b78577da77f7980135f1110f7213bd48 (diff)
download: linaro-android-04233a18865f542cad26eff9a1790df94c491e59.tar.gz
1 files changed, 1 insertions, 2 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index 103b55097dbd..17921b0390b4 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1050,8 +1050,7 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
 
 	mm = get_task_mm(task);
 	if (mm && mm != current->mm &&
-			!ptrace_may_access(task, mode) &&
-			!capable(CAP_SYS_RESOURCE)) {
+			!ptrace_may_access(task, mode)) {
 		mmput(mm);
 		mm = ERR_PTR(-EACCES);
 	}
author	Daniel Mentz <danielmentz@google.com>	2017-07-06 18:13:08 -0700
committer	Amit Pundir <amit.pundir@linaro.org>	2017-08-23 18:53:22 +0530
commit	04233a18865f542cad26eff9a1790df94c491e59 (patch)
tree	913d1c349465a47b683ec78b2ab0cfdf9e2e26c8
parent	8160d0f1b78577da77f7980135f1110f7213bd48 (diff)
download	linaro-android-04233a18865f542cad26eff9a1790df94c491e59.tar.gz