Add seccomp blacklist, and exclude swap functions Bug: 37253880 Test: Make sure device boots Run pylint on genseccomp.py, test_genseccomp.py Run test_genseccomp.py Run new CTS test cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.SeccompTest Change-Id: I833a5364a1481d65173e77654da1798dc45a3f9d

commit: 3dd3d55af2e73e0cda786368e94c65485bcc267b [log] [tgz]
author: Paul Lawrence <paullawrence@google.com> Wed Apr 12 10:02:54 2017 -0700
committer: Nick Kralevich <nnk@google.com> Wed Apr 12 19:34:33 2017 +0000
tree: c47aa639d6248dde551a61ffe5b3ca91c0ee21b8
parent: faf7f3542a1b7c850450df158072f021537f40c1 [diff] [blame]
diff --git a/libc/SECCOMP_WHITELIST.TXT b/libc/SECCOMP_WHITELIST.TXT
index ab6ce0b..7dadd39 100644
--- a/libc/SECCOMP_WHITELIST.TXT
+++ b/libc/SECCOMP_WHITELIST.TXT

@@ -1,4 +1,5 @@
-# This file is used to populate seccomp's whitelist policy in comination with SYSCALLS.txt.
+# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
+# Note that the resultant policy is applied only to zygote spawned processes.
 #
 # Each non-blank, non-comment line has the following format:
 #
commit	3dd3d55af2e73e0cda786368e94c65485bcc267b	[log] [tgz]
author	Paul Lawrence <paullawrence@google.com>	Wed Apr 12 10:02:54 2017 -0700
committer	Nick Kralevich <nnk@google.com>	Wed Apr 12 19:34:33 2017 +0000
tree	c47aa639d6248dde551a61ffe5b3ca91c0ee21b8
parent	faf7f3542a1b7c850450df158072f021537f40c1 [diff] [blame]