Fix soundness issue in microdroid manager.
Logging in pre_exec is not safe, as it will use locks and other
resources of the parent process.
Bug: 290018030
Test: m rust
Change-Id: I15fce5d3d4733dcfb12ec871d8a5755155708561
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index 9548936..319d2df 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -858,19 +858,15 @@
}
};
+ // SAFETY: We are not accessing any resource of the parent process. This means we can't make any
+ // log calls inside the closure.
unsafe {
- // SAFETY: we are not accessing any resource of the parent process.
command.pre_exec(|| {
- info!("dropping capabilities before executing payload");
// It is OK to continue with payload execution even if the calls below fail, since
// whether process can use a capability is controlled by the SELinux. Dropping the
// capabilities here is just another defense-in-depth layer.
- if let Err(e) = cap::drop_inheritable_caps() {
- error!("failed to drop inheritable capabilities: {:?}", e);
- }
- if let Err(e) = cap::drop_bounding_set() {
- error!("failed to drop bounding set: {:?}", e);
- }
+ let _ = cap::drop_inheritable_caps();
+ let _ = cap::drop_bounding_set();
Ok(())
});
}
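Review bot: The rewritten closure at `let _ = cap::drop_inheritable_caps();` / `let _ = cap::drop_bounding_set();` now discards both results without any trace, and the new SAFETY comment only states that logging is forbidden without saying why the silent discard is acceptable. The underlying constraint is that a pre_exec closure runs in the forked child before exec, so it may only do async-signal-safe work (no logger lock, no allocation), which is what makes `info!`/`error!` unsound here; spelling that out also justifies ignoring the errors, e.g. `// SAFETY: this closure runs in the forked child before exec, so it may only do async-signal-safe work (no logging, allocation or locks); failures of the cap drops are therefore deliberately ignored, with SELinux remaining the enforcement boundary.` This also assumes `cap::drop_inheritable_caps` and `cap::drop_bounding_set` do not log or allocate internally — their bodies are not in this hunk, so that is worth confirming. The enclosing function starts and ends outside the hunk.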