Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / d58a22471e64954c627c005fcf287422e017377d
commitd58a22471e64954c627c005fcf287422e017377d[log] [tgz]
authorHan Wang <416810799@qq.com>Wed Feb 17 06:17:04 2021 +0100
committerJackeagle <jackeagle102@gmail.com>Tue Sep 27 09:49:12 2022 +0200
treee84abf516ae383c6d67a1af96b9a23d8715a3e5f
parent5470b4f2545ee034c6fda0735c2c7dbce5dd8597 [diff]
base: Install seccomp filter even if selinux is permissive

 * If selinux is permissive, Google decide to disable seccomp
   filter because debug tools like strace needs both them to be
   disabled to work.

 * This is fine for developers, but if one runs selinux permissive
   in production, it will be super easy for a macilious app to gain
   root access on Q+, with newly interoduced ZygotePreload API.

 * Technical details:
   https://github.com/dantmnf/BrokenSandbox
   https://github.com/vvb2060/Magica

Change-Id: I1a1208a0a82d36aeb49820972429d106919d6bce
(cherry picked from commit 32cf8c9cb1915ef67526c4e961ecb6a2181b6934)
Signed-off-by: SuperDroidBond <superdroidbond@yahoo.com>
1 file changed
tree: e84abf516ae383c6d67a1af96b9a23d8715a3e5f
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. lowpan/
  19. media/
  20. mime/
  21. mms/
  22. native/
  23. nfc-extras/
  24. obex/
  25. omapi/
  26. opengl/
  27. packages/
  28. proto/
  29. rs/
  30. samples/
  31. sax/
  32. services/
  33. startop/
  34. telecomm/
  35. telephony/
  36. test-base/
  37. test-legacy/
  38. test-mock/
  39. test-runner/
  40. tests/
  41. tools/
  42. wifi/
  43. .clang-format
  44. .gitignore
  45. .mailmap
  46. Android.bp
  47. Android.mk
  48. ApiDocs.bp
  49. BATTERY_STATS_OWNERS
  50. CleanSpec.mk
  51. framework-jarjar-rules.txt
  52. GAME_MANAGER_OWNERS
  53. INPUT_OWNERS
  54. lint-baseline.xml
  55. METADATA
  56. MODULE_LICENSE_APACHE2
  57. MULTIUSER_OWNERS
  58. NOTICE
  59. OWNERS
  60. OWNERS.md
  61. PACKAGE_MANAGER_OWNERS
  62. pathmap.mk
  63. PREUPLOAD.cfg
  64. ProtoLibraries.bp
  65. StubLibraries.bp
  66. TEST_MAPPING
  67. TestProtoLibraries.bp
  68. TRACE_OWNERS
  69. ZYGOTE_OWNERS