From e142aa87d663a95d1bbab41543aafce24eced707 Mon Sep 17 00:00:00 2001
From: Mark Mentovai <mark@chromium.org>
Date: Fri, 7 Apr 2017 17:14:21 -0400
Subject: [PATCH] linux: Fix crashpad_util_test ScopedPtraceAttach.* with the
 Yama LSM

When Yama is enabled and /proc/sys/kernel/yama/ptrace_scope is set to 1
(YAMA_SCOPE_RELATIONAL), for a child to ptrace() its parent, the parent
must first call prctl(PR_SET_PTRACER, child_pid, ...).

Bug: crashpad:30
Test: crashpad_util_test ScopedPtraceAttach.*
Change-Id: Ic85e8551259f17f372b2362887e7701b833b4cb4
Reviewed-on: https://chromium-review.googlesource.com/472006
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
---
 compat/android/linux/prctl.h            | 25 ++++++++
 util/linux/scoped_ptrace_attach_test.cc | 82 ++++++++++++++++++++++---
 2 files changed, 98 insertions(+), 9 deletions(-)
 create mode 100644 compat/android/linux/prctl.h

diff --git a/compat/android/linux/prctl.h b/compat/android/linux/prctl.h
new file mode 100644
index 00000000..046f900f
--- /dev/null
+++ b/compat/android/linux/prctl.h
@@ -0,0 +1,25 @@
+// Copyright 2017 The Crashpad Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef CRASHPAD_COMPAT_ANDROID_LINUX_PRCTL_H_
+#define CRASHPAD_COMPAT_ANDROID_LINUX_PRCTL_H_
+
+#include_next <linux/prctl.h>
+
+// Android 5.0.0 (API 21) NDK
+#if !defined(PR_SET_PTRACER)
+#define PR_SET_PTRACER 0x59616d61
+#endif
+
+#endif  // CRASHPAD_COMPAT_ANDROID_LINUX_PRCTL_H_
diff --git a/util/linux/scoped_ptrace_attach_test.cc b/util/linux/scoped_ptrace_attach_test.cc
index 3f7c1363..99072e4c 100644
--- a/util/linux/scoped_ptrace_attach_test.cc
+++ b/util/linux/scoped_ptrace_attach_test.cc
@@ -14,6 +14,8 @@
 
 #include "util/linux/scoped_ptrace_attach.h"
 
+#include <errno.h>
+#include <sys/prctl.h>
 #include <sys/ptrace.h>
 #include <unistd.h>
 
@@ -26,6 +28,40 @@ namespace crashpad {
 namespace test {
 namespace {
 
+class ScopedPrSetPtracer {
+ public:
+  explicit ScopedPrSetPtracer(pid_t pid) {
+    // PR_SET_PTRACER is only supported if the Yama Linux security module (LSM)
+    // is enabled. Otherwise, this prctl() call fails with EINVAL. See
+    // linux-4.9.20/security/yama/yama_lsm.c yama_task_prctl() and
+    // linux-4.9.20/kernel/sys.c [sys_]prctl().
+    //
+    // If Yama is not enabled, the default ptrace restrictions should be
+    // sufficient for these tests.
+    //
+    // If Yama is enabled, then /proc/sys/kernel/yama/ptrace_scope must be 0
+    // (YAMA_SCOPE_DISABLED, in which case this prctl() is not necessary) or 1
+    // (YAMA_SCOPE_RELATIONAL) for these tests to succeed. If it is 2
+    // (YAMA_SCOPE_CAPABILITY) then the test requires CAP_SYS_PTRACE, and if it
+    // is 3 (YAMA_SCOPE_NO_ATTACH), these tests will fail.
+    success_ = prctl(PR_SET_PTRACER, pid, 0, 0, 0) == 0;
+    if (!success_) {
+      EXPECT_EQ(errno, EINVAL) << ErrnoMessage("prctl");
+    }
+  }
+
+  ~ScopedPrSetPtracer() {
+    if (success_) {
+      EXPECT_EQ(prctl(PR_SET_PTRACER, 0, 0, 0, 0), 0) << ErrnoMessage("prctl");
+    }
+  }
+
+ private:
+  bool success_;
+
+  DISALLOW_COPY_AND_ASSIGN(ScopedPrSetPtracer);
+};
+
 class AttachTest : public Multiprocess {
  public:
   AttachTest() : Multiprocess() {}
@@ -45,21 +81,31 @@ class AttachToChildTest : public AttachTest {
 
  private:
   void MultiprocessParent() override {
+    // Wait for the child to set the parent as its ptracer.
+    char c;
+    CheckedReadFileExactly(ReadPipeHandle(), &c, sizeof(c));
+
     pid_t pid = ChildPID();
 
     ASSERT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), -1);
-    EXPECT_EQ(errno, ESRCH);
+    EXPECT_EQ(errno, ESRCH) << ErrnoMessage("ptrace");
 
     ScopedPtraceAttach attachment;
     ASSERT_EQ(attachment.ResetAttach(pid), true);
-    EXPECT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), kWord);
+    EXPECT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), kWord)
+        << ErrnoMessage("ptrace");
     attachment.Reset();
 
     ASSERT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), -1);
-    EXPECT_EQ(errno, ESRCH);
+    EXPECT_EQ(errno, ESRCH) << ErrnoMessage("ptrace");
   }
 
   void MultiprocessChild() override {
+    ScopedPrSetPtracer set_ptracer(getppid());
+
+    char c = '\0';
+    CheckedWriteFile(WritePipeHandle(), &c, sizeof(c));
+
     CheckedReadFileAtEOF(ReadPipeHandle());
   }
 
@@ -78,22 +124,31 @@ class AttachToParentResetTest : public AttachTest {
 
  private:
   void MultiprocessParent() override {
+    ScopedPrSetPtracer set_ptracer(ChildPID());
+    char c = '\0';
+    CheckedWriteFile(WritePipeHandle(), &c, sizeof(c));
+
     CheckedReadFileAtEOF(ReadPipeHandle());
   }
 
   void MultiprocessChild() override {
+    // Wait for the parent to set the child as its ptracer.
+    char c;
+    CheckedReadFileExactly(ReadPipeHandle(), &c, sizeof(c));
+
     pid_t pid = getppid();
 
     ASSERT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), -1);
-    EXPECT_EQ(errno, ESRCH);
+    EXPECT_EQ(errno, ESRCH) << ErrnoMessage("ptrace");
 
     ScopedPtraceAttach attachment;
     ASSERT_EQ(attachment.ResetAttach(pid), true);
-    EXPECT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), kWord);
+    EXPECT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), kWord)
+        << ErrnoMessage("ptrace");
     attachment.Reset();
 
     ASSERT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), -1);
-    EXPECT_EQ(errno, ESRCH);
+    EXPECT_EQ(errno, ESRCH) << ErrnoMessage("ptrace");
   }
 
   DISALLOW_COPY_AND_ASSIGN(AttachToParentResetTest);
@@ -111,20 +166,29 @@ class AttachToParentDestructorTest : public AttachTest {
 
  private:
   void MultiprocessParent() override {
+    ScopedPrSetPtracer set_ptracer(ChildPID());
+    char c = '\0';
+    CheckedWriteFile(WritePipeHandle(), &c, sizeof(c));
+
     CheckedReadFileAtEOF(ReadPipeHandle());
   }
 
   void MultiprocessChild() override {
+    // Wait for the parent to set the child as its ptracer.
+    char c;
+    CheckedReadFileExactly(ReadPipeHandle(), &c, sizeof(c));
+
     pid_t pid = getppid();
     ASSERT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), -1);
-    EXPECT_EQ(errno, ESRCH);
+    EXPECT_EQ(errno, ESRCH) << ErrnoMessage("ptrace");
     {
       ScopedPtraceAttach attachment;
       ASSERT_EQ(attachment.ResetAttach(pid), true);
-      EXPECT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), kWord);
+      EXPECT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), kWord)
+          << ErrnoMessage("ptrace");
     }
     ASSERT_EQ(ptrace(PTRACE_PEEKDATA, pid, &kWord, nullptr), -1);
-    EXPECT_EQ(errno, ESRCH);
+    EXPECT_EQ(errno, ESRCH) << ErrnoMessage("ptrace");
   }
 
   DISALLOW_COPY_AND_ASSIGN(AttachToParentDestructorTest);