Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 6a4a3398325787f6cb1b93db17a7bf50d353e2a5
commit6a4a3398325787f6cb1b93db17a7bf50d353e2a5[log] [tgz]
authorVictor Hsieh <victorhsieh@google.com>Wed Dec 20 09:51:51 2017 -0800
committerVictor Hsieh <victorhsieh@google.com>Tue Jan 09 20:16:01 2018 +0000
tree2e412383fe03c921b144815814d93a249ff2245c
parent761b7b50d1dbc90334bc719d32bac13efcf3de80 [diff]
Move zygote's seccomp setup to post-fork

Before this change, seccomp filter setup is as early as in zygote's main
function.  To make it possible to split app and system server's filter,
this postpone the setup to after fork.  It also starts to call app
specific and system server specific setup function.

In terms of performance since this happens at fork, the measure shows
the overhead is negligible.  Assuming 130 instruction in the BPF, on
walleye, even when running on little core with fixed low frequency, each
setup took about 60.9us on average.  When it runs on big core with
higher frequency, it took about 39.3us.

Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Bug: 63944145

Change-Id: I748735b478405098beac1e200d911c13ea60e380
Merged-In: I748735b478405098beac1e200d911c13ea60e380
5 files changed
tree: 2e412383fe03c921b144815814d93a249ff2245c
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. legacy-test/
  12. libs/
  13. location/
  14. lowpan/
  15. media/
  16. native/
  17. nfc-extras/
  18. obex/
  19. opengl/
  20. packages/
  21. proto/
  22. rs/
  23. samples/
  24. sax/
  25. services/
  26. telecomm/
  27. telephony/
  28. test-mock/
  29. test-runner/
  30. tests/
  31. tools/
  32. vr/
  33. wifi/
  34. Android.bp
  35. Android.mk
  36. CleanSpec.mk
  37. MODULE_LICENSE_APACHE2
  38. NOTICE
  39. pathmap.mk
  40. PREUPLOAD.cfg