call prctl(PR_SET_NO_NEW_PRIVS, 1) to prevent Zygote and zygote
spawned applications from aquiring new privileges.
Change-Id: I69bbf6bb5b01b877de414ecad43d3dffbd5fcea0
#include <linux/fs.h>
#include <cutils/fs.h>
#include <unistd.h>
+#ifdef HAVE_ANDROID_OS
+#include <sys/prctl.h>
+#endif
#include "Dalvik.h"
#include "test/Test.h"
return -1;
}
+#ifdef HAVE_ANDROID_OS
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
+ if (errno == EINVAL) {
+ SLOGW("PR_SET_NO_NEW_PRIVS failed. "
+ "Is your kernel compiled correctly?: %s", strerror(errno));
+ // Don't return -1 here, since it's expected that not all
+ // kernels will support this option.
+ } else {
+ SLOGW("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));
+ return -1;
+ }
+ }
+#endif
+
return true;
}