Merge "Add memfd related syscalls to allowed list"

commit: 7de66a0e2fc5d37e22710583e88be5aa53e6ed5b [log] [tgz]
author: Joel Fernandes <joelaf@google.com> Wed Jan 30 20:20:24 2019 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Wed Jan 30 20:20:24 2019 +0000
tree: 0622372df1ccafd68d3d7a67fca7a2373946b826
parent: a3e4fe3fd4f24ebcf9e69de52e2f0d3e2be3a816 [diff]
parent: d648399ddf41c4017bb04ecf45d160a4fcfa6611 [diff]
diff --git a/services/mediacodec/seccomp_policy/mediacodec-arm.policy b/services/mediacodec/seccomp_policy/mediacodec-arm.policy
index edf4dab..0aa5acc 100644
--- a/services/mediacodec/seccomp_policy/mediacodec-arm.policy
+++ b/services/mediacodec/seccomp_policy/mediacodec-arm.policy

@@ -13,6 +13,8 @@
 ppoll: 1
 mmap2: 1
 getrandom: 1
+memfd_create: 1
+ftruncate64: 1
 
 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
 # parser support for '<' is in this needs to be modified to also prevent

diff --git a/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy b/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy
index 588141a..b9adbd9 100644
--- a/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy
+++ b/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy

@@ -21,6 +21,8 @@
 ppoll: 1
 mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
 mmap2: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
+memfd_create: 1
+ftruncate64: 1
 
 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
 # parser support for '<' is in this needs to be modified to also prevent

diff --git a/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy b/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
index 1bee1b5..7abb432 100644
--- a/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
+++ b/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy

@@ -26,6 +26,8 @@
 fstat: 1
 newfstatat: 1
 fstatfs: 1
+memfd_create: 1
+ftruncate64: 1
 
 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
 # parser support for '<' is in this needs to be modified to also prevent
commit	7de66a0e2fc5d37e22710583e88be5aa53e6ed5b	[log] [tgz]
author	Joel Fernandes <joelaf@google.com>	Wed Jan 30 20:20:24 2019 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Wed Jan 30 20:20:24 2019 +0000
tree	0622372df1ccafd68d3d7a67fca7a2373946b826
parent	a3e4fe3fd4f24ebcf9e69de52e2f0d3e2be3a816 [diff]
parent	d648399ddf41c4017bb04ecf45d160a4fcfa6611 [diff]