From 7e14d020f18eec79481c562e35750a8391b71f77 Mon Sep 17 00:00:00 2001
From: Josh Gao <jmgao@google.com>
Date: Wed, 25 Jan 2017 11:15:37 -0800
Subject: [PATCH] debuggerd_handler: don't dump PR_NO_NEW_PRIVS processes.

We can't do an selinux transition when this is on.

Bug: http://b/34472671
Test: logcat -c; debuggerd `pidof media.codec`; logcat
Change-Id: Ie6c1832ab838df48879c32a86126862de9a15420
---
 debuggerd/handler/debuggerd_handler.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/debuggerd/handler/debuggerd_handler.cpp b/debuggerd/handler/debuggerd_handler.cpp
index 1af0bd1af..c009869c5 100644
--- a/debuggerd/handler/debuggerd_handler.cpp
+++ b/debuggerd/handler/debuggerd_handler.cpp
@@ -301,7 +301,14 @@ static void debuggerd_signal_handler(int signal_number, siginfo_t* info, void*)
     // The process has disabled core dumps and PTRACE_ATTACH, and does not want to be dumped.
     __libc_format_log(ANDROID_LOG_INFO, "libc",
                       "Suppressing debuggerd output because prctl(PR_GET_DUMPABLE)==0");
+    resend_signal(info, false);
+    return;
+  }
 
+  if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1) {
+    // The process has NO_NEW_PRIVS enabled, so we can't transition to the crash_dump context.
+    __libc_format_log(ANDROID_LOG_INFO, "libc",
+                      "Suppressing debuggerd output because prctl(PR_GET_NO_NEW_PRIVS)==1");
     resend_signal(info, false);
     return;
   }