Create global seccomp policy. Enabling seccomp across all processes, rather than just zygote, is useful for auditing the syscall usage of AOSP. Create a global seccomp policy that can optionally be enabled by init. Bug: 37960259 Test: confirm global seccomp by removing finit_module from policy and observing modprobe fail, confirm regular seccomp unchanged by comparing length of installed bpf Change-Id: Iac53a42fa26a80b05126f262dd9525f4f66df558

commit: aa3f96c9c429fa6270d86fbd6485e3b12d7d9aa6 [log] [tgz]
author: Steve Muckle <smuckle@google.com> Thu Jul 20 13:11:54 2017 -0700
committer: Steve Muckle <smuckle@google.com> Fri Jul 21 20:30:21 2017 -0700
tree: 0c8221de1a0114d281bef45912f35dee6f6c3db3
parent: b8ce93974a675029c2c8360adf18bc67740658e1 [diff] [blame]
diff --git a/libc/SECCOMP_WHITELIST_GLOBAL.TXT b/libc/SECCOMP_WHITELIST_GLOBAL.TXT
new file mode 100644
index 0000000..f3e5a98
--- /dev/null
+++ b/libc/SECCOMP_WHITELIST_GLOBAL.TXT

@@ -0,0 +1,18 @@
+# This file is used to populate seccomp's global whitelist policy in
+# combination with SYSCALLS.TXT, SECCOMP_BLACKLIST.TXT and
+# SECCOMP_WHITELIST.TXT.  Unlike the policy used in normal operation this
+# policy is applied globally during the early stage of init, if global seccomp
+# is enabled.
+#
+# See the description at the top of SYSCALLS.TXT for an explanation of the
+# format of the entries in this file.
+#
+# This file is processed by a python script named genseccomp.py.
+
+# syscalls needed to boot android
+int swapon(const char*, int) all
+long keyctl(int, ...) all
+key_serial_t add_key(const char*, const char*, const void*, size_t, key_serial_t) all
+
+# b/62715671
+int finit_module(int, const char*, int) all
commit	aa3f96c9c429fa6270d86fbd6485e3b12d7d9aa6	[log] [tgz]
author	Steve Muckle <smuckle@google.com>	Thu Jul 20 13:11:54 2017 -0700
committer	Steve Muckle <smuckle@google.com>	Fri Jul 21 20:30:21 2017 -0700
tree	0c8221de1a0114d281bef45912f35dee6f6c3db3
parent	b8ce93974a675029c2c8360adf18bc67740658e1 [diff] [blame]