From 36397cb1684d52b5a58612a9042884f975a4e12a Mon Sep 17 00:00:00 2001
From: Josh Gao <jmgao@google.com>
Date: Wed, 25 Jan 2017 11:48:23 -0800
Subject: [PATCH] Give crash_dump CAP_SYS_PTRACE.

CAP_SYS_PTRACE is needed to ptrace processes that have capabilities
greater than their bounding set. Eventually, this will still be an
improvement, because we can ptrace attach, and then turn on a seccomp
filter that blocks further attaches.

Bug: http://b/34694637
Test: debuggerd `pidof system_server`
Change-Id: I4b9da164ec1fbb5060fdba590e886ac24b6a0785
---
 libcutils/fs_config.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/libcutils/fs_config.c b/libcutils/fs_config.c
index b701bbaae..013999a95 100644
--- a/libcutils/fs_config.c
+++ b/libcutils/fs_config.c
@@ -177,8 +177,11 @@ static const struct fs_path_config android_files[] = {
                                            CAP_MASK_LONG(CAP_SETPCAP),
                                               "system/bin/webview_zygote64" },
 
-    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/crash_dump32" },
-    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/crash_dump64" },
+    { 00755, AID_ROOT,      AID_SHELL,     CAP_MASK_LONG(CAP_SYS_PTRACE),
+                                              "system/bin/crash_dump32" },
+    { 00755, AID_ROOT,      AID_SHELL,     CAP_MASK_LONG(CAP_SYS_PTRACE),
+                                              "system/bin/crash_dump64" },
+
     { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/debuggerd" },
     { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/uncrypt" },
     { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/install-recovery.sh" },