commit | 7de66a0e2fc5d37e22710583e88be5aa53e6ed5b | [log] [tgz] |
---|---|---|
author | Joel Fernandes <joelaf@google.com> | Wed Jan 30 20:20:24 2019 +0000 |
committer | Android (Google) Code Review <android-gerrit@google.com> | Wed Jan 30 20:20:24 2019 +0000 |
tree | 0622372df1ccafd68d3d7a67fca7a2373946b826 | |
parent | a3e4fe3fd4f24ebcf9e69de52e2f0d3e2be3a816 [diff] | |
parent | d648399ddf41c4017bb04ecf45d160a4fcfa6611 [diff] |
Merge "Add memfd related syscalls to allowed list"
diff --git a/services/mediacodec/seccomp_policy/mediacodec-arm.policy b/services/mediacodec/seccomp_policy/mediacodec-arm.policy
index edf4dab..0aa5acc 100644
--- a/services/mediacodec/seccomp_policy/mediacodec-arm.policy
+++ b/services/mediacodec/seccomp_policy/mediacodec-arm.policy
@@ -13,6 +13,8 @@
 ppoll: 1
 mmap2: 1
 getrandom: 1
+memfd_create: 1
+ftruncate64: 1
 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
 # parser support for '<' is in this needs to be modified to also prevent
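Review bot: `memfd_create: 1` and `ftruncate64: 1` are added with no argument filter and no comment naming the caller that needs them, here and in the same two lines of the mediaswcodec-arm and mediaswcodec-arm64 hunks. A seccomp allow-list is easier to audit when each widening records its reason, so I would put a line such as `# memfd_create, ftruncate64: needed by <caller> for memfd-backed buffers` above the pair, with the real caller filled in. If that caller always passes the same flags, the entry could also be narrowed in the style the mediaswcodec policy already uses for mmap2, e.g. `memfd_create: arg1 in <allowed MFD_* mask>`, provided the minijail constant table knows those names (not visible from this page).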
diff --git a/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy b/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy
index 588141a..b9adbd9 100644
--- a/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy
+++ b/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy
@@ -21,6 +21,8 @@
 ppoll: 1
 mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
 mmap2: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
+memfd_create: 1
+ftruncate64: 1
 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
 # parser support for '<' is in this needs to be modified to also prevent
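Review bot: `memfd_create: 1` lands directly under the `mprotect` and `mmap2` rules that refuse PROT_WRITE together with PROT_EXEC, and those rules judge each call on its own. A memfd is a file descriptor that can be mapped more than once, so after this change the filter by itself no longer guarantees that memory the process wrote never ends up in an executable mapping. That guarantee would have to come from SELinux denying execute on the memfd's label for this domain, which should be confirmed and recorded in a comment, for example `# memfd_create: W^X for memfd mappings is enforced by SELinux, not by this filter`.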
diff --git a/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy b/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
index 1bee1b5..7abb432 100644
--- a/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
+++ b/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
@@ -26,6 +26,8 @@
 fstat: 1
 newfstatat: 1
 fstatfs: 1
+memfd_create: 1
+ftruncate64: 1
 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
 # parser support for '<' is in this needs to be modified to also prevent
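Review bot: `ftruncate64: 1` looks like the wrong syscall name for the arm64 policy: as far as I know the 64-bit ABI has only `ftruncate`, and the neighbouring context lines in this hunk already use the unsuffixed names (`fstat`, `fstatfs`). Depending on how the policy compiler treats an unknown name, the entry either fails the build or is ignored, and in the second case a 64-bit `ftruncate` call would still hit the filter's default action. I would change the line to `ftruncate: 1`, unless `ftruncate` is already allowed elsewhere in the file outside this hunk.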