Prepare setresuid()/setresgid() seccomp filter in AppZygote.
The application zygote can run untrusted user code; since it also has the capability to change the uid/gid of the process, we need to ensure that any changes to the uid and/or gid stay within the range that we have allocated for this application zygote.

For application zygotes, we install the app_zygote seccomp filter instead of the regular app filter; the only difference between this filter and the app one is that it allows setuid/setgid calls. To further limit this, pass down the allocated UID range to the Zygote itself, which in turn installs an additional seccomp filter that restricts setuid/setgid calls to this range.

The actual calls into seccomp are commented out until the seccomp changes are merged; to avoid catastrophe, this will leave the regular app filter for the app_zygote, which is more restrictive and doesn't allow setuid at all.

Bug: 111434506
Test: atest CtsSeccompHostTestCases passes
Change-Id: I112419629f5ee4774ccbf77e2b1cfa5ddcf77e73