debuggerd_handler: set PR_SET_PTRACER before running crash_dump.

Set and restore PR_SET_PTRACER when performing a dump, so that when
Android is running on a kernel that has the Yama LSM enabled (and the
value of ptrace_scope is > 0), crash_dump can attach to processes and
print nice, symbolized stack traces.

Bug: 70992745
Test: kill -6 `pidof surfaceflinger` && logcat -d -b crash
      # in both sailfish and Chrome OS

Change-Id: If4646442c6000fdcc69cf4ab95fdc71ae74baaaf

1 files changed, 16 insertions, 0 deletions

diff --git a/debuggerd/handler/debuggerd_handler.cpp b/debuggerd/handler/debuggerd_handler.cpp
index 96f3c7c54b..05e6efa604 100644
--- a/debuggerd/handler/debuggerd_handler.cpp
+++ b/debuggerd/handler/debuggerd_handler.cpp
@@ -500,6 +500,17 @@ static void debuggerd_signal_handler(int signal_number, siginfo_t* info, void* c
     fatal_errno("failed to set dumpable");
   }
 
+  // On kernels with yama_ptrace enabled, also allow any process to attach.
+  bool restore_orig_ptracer = true;
+  if (prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY) != 0) {
+    if (errno == EINVAL) {
+      // This kernel does not support PR_SET_PTRACER_ANY, or Yama is not enabled.
+      restore_orig_ptracer = false;
+    } else {
+      fatal_errno("failed to set traceable");
+    }
+  }
+
   // Essentially pthread_create without CLONE_FILES, so we still work during file descriptor
   // exhaustion.
   pid_t child_pid =
@@ -521,6 +532,11 @@ static void debuggerd_signal_handler(int signal_number, siginfo_t* info, void* c
     fatal_errno("failed to restore dumpable");
   }
 
+  // Restore PR_SET_PTRACER to its original value.
+  if (restore_orig_ptracer && prctl(PR_SET_PTRACER, 0) != 0) {
+    fatal_errno("failed to restore traceable");
+  }
+
   if (info->si_signo == DEBUGGER_SIGNAL) {
     // If the signal is fatal, don't unlock the mutex to prevent other crashing threads from
     // starting to dump right before our death.