Gitiles
Code Review Sign In
review.evervolv.com / android_bionic / 33e079900d51475c4ea70c8a1b2a0a01a1bce88d^! / . / libc / SECCOMP_WHITELIST_COMMON.TXT
commit33e079900d51475c4ea70c8a1b2a0a01a1bce88d[log] [tgz]
authorElliott Hughes <enh@google.com>Thu Jul 11 14:59:12 2019 -0700
committerElliott Hughes <enh@google.com>Thu Jul 11 14:59:12 2019 -0700
tree484f7528ebee1d5575b40b4f32a42a4e7cc609cf
parent7d10422499a323874084dbed969418db436fd771 [diff] [blame]
Explicitly add open/stat64 to the seccomp common whitelist.

They're used by 32-bit sanitizers. We used to get these for free (as the
comment says), but the place we got them from changed. Just be explicit.

Longer-term we should fix how we build the sanitizers to only use the
canonical system calls, like they already do for arm64.

Bug: https://issuetracker.google.com/136777266
Test: builds
Change-Id: If80a8d47aa345aaaa8bed32b44f020e06e504d49

diff --git a/libc/SECCOMP_WHITELIST_COMMON.TXT b/libc/SECCOMP_WHITELIST_COMMON.TXT
index 2faa559..43e7d1c 100644
--- a/libc/SECCOMP_WHITELIST_COMMON.TXT
+++ b/libc/SECCOMP_WHITELIST_COMMON.TXT

@@ -32,6 +32,7 @@
 pid_t	gettid:gettid()	all
 int	futex:futex(int *uaddr, int futex_op, int val, const struct timespec *timeout, int *uaddr2, int val3)	all
 int	clone:clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ..) all
+int	sigreturn:sigreturn(unsigned long __unused)	arm,x86,mips
 int	rt_sigreturn:rt_sigreturn(unsigned long __unused)	all
 int	rt_tgsigqueueinfo:int rt_tgsigqueueinfo(pid_t tgid, pid_t tid, int sig, siginfo_t *uinfo)	all
 int	restart_syscall:int restart_syscall()	all
@@ -54,17 +55,14 @@
 # Needed for debugging 32-bit Chrome
 int	pipe:pipe(int pipefd[2])	arm,x86,mips
 
-# b/34813887
+# Needed by breakpad (b/34813887).
 int	open:open(const char *path, int oflag, ... ) arm,x86,x86_64,mips
 int	getdents:getdents(unsigned int fd, struct linux_dirent *dirp, unsigned int count) arm,x86,x86_64,mips
 
-# syscalls needed to boot android
-int	sigreturn:sigreturn(unsigned long __unused)	arm,x86,mips
-
-# Needed by sanitizers (b/34606909)
-# 5 (__NR_open) and 195 (__NR_stat64) are also required, but they are
-# already allowed.
-ssize_t	readlink:readlink(const char *path, char *buf, size_t bufsiz)	arm,x86,x86_64,mips
+# Needed by sanitizers (b/34606909, b/136777266).
+int open:open(const char*, int, ...)  arm,x86,x86_64
+int stat64:stat64(const char*, struct stat64*)  arm,x86
+ssize_t readlink:readlink(const char*, char*, size_t)  arm,x86,x86_64
 
 # Probed for and conditionally used by ART.
 int membarrier(int cmd, int flags) all