whitelist getrandom for arc4random usage

arc4random is called by the linker for dlopen to randomize the library
load order, among other uses. It's becoming more widely used over time.
It calls getentropy at regular intervals to reseed itself, which uses
the getrandom system call. This wasn't noticed because it reseeds only
very rarely with typical usage in Android.

This was quickly noticed on CopperheadOS where the hardened allocator
based on OpenBSD malloc uses at least one (often more) byte of entropy
from arc4random for each call to malloc, free, realloc, etc. It's still
needed *eventually* without the hardened allocator but it would take a
lot of plugin loading / unloading, etc. with dlopen / dlclose to hit it
at the moment.

Change-Id: I0a448e833916373871edfc68274ac31e314d54f7

diff --git a/services/mediacodec/seccomp_policy/mediacodec-arm.policy b/services/mediacodec/seccomp_policy/mediacodec-arm.policy
index 73857f8..8e1fc77 100644
--- a/services/mediacodec/seccomp_policy/mediacodec-arm.policy
+++ b/services/mediacodec/seccomp_policy/mediacodec-arm.policy
@@ -52,6 +52,7 @@
fstatat64: 1
ugetrlimit: 1
getdents64: 1
+getrandom: 1
# for attaching to debuggerd on process crash
sigaction: 1
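Review bot: the `getrandom: 1` entry added after `getdents64: 1` covers only mediacodec-arm.policy, while mediaextractor receives the same line in its arm, arm64 and x86 policies. The commit message ties the syscall to arc4random use by the linker for dlopen, which is not specific to one architecture, so please confirm that mediacodec has no other per-architecture policy files, or add the entry to them in this change.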
diff --git a/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy b/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy
index e06ac8c..4fa69d7 100644
--- a/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy
+++ b/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy
@@ -39,6 +39,7 @@
getegid32: 1
getgroups32: 1
nanosleep: 1
+getrandom: 1
# for FileSource
readlinkat: 1
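Review bot: the new `getrandom: 1` line after `nanosleep: 1` has no comment, although this file annotates entries with their purpose (`# for FileSource`), and the reason for the entry (arc4random reseeding through getentropy) is recorded only in the commit message. Suggest a one-line comment such as `# for arc4random reseeding via getentropy` directly above it, here and in the arm64 and x86 policies, so the entry is not removed later as unused.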
diff --git a/services/mediaextractor/seccomp_policy/mediaextractor-arm64.policy b/services/mediaextractor/seccomp_policy/mediaextractor-arm64.policy
index 4b51457..e790a4c 100644
--- a/services/mediaextractor/seccomp_policy/mediaextractor-arm64.policy
+++ b/services/mediaextractor/seccomp_policy/mediaextractor-arm64.policy
@@ -28,6 +28,7 @@
rt_sigreturn: 1
getrlimit: 1
nanosleep: 1
+getrandom: 1
# for FileSource
readlinkat: 1
diff --git a/services/mediaextractor/seccomp_policy/mediaextractor-x86.policy b/services/mediaextractor/seccomp_policy/mediaextractor-x86.policy
index cdff4db..3b37f92 100644
--- a/services/mediaextractor/seccomp_policy/mediaextractor-x86.policy
+++ b/services/mediaextractor/seccomp_policy/mediaextractor-x86.policy
@@ -37,6 +37,7 @@
getegid32: 1
getgroups32: 1
nanosleep: 1
+getrandom: 1
# for FileSource
readlinkat: 1
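Review bot: the syscall allowed by `getrandom: 1` after `nanosleep: 1` is reached only when arc4random reseeds, which the commit message says happens very rarely with typical Android usage, so ordinary testing will not show whether the entry is present in every policy that needs it. Consider adding a test that runs the service under its seccomp policy and draws enough arc4random output to force a reseed, so a missing entry fails immediately rather than after prolonged dlopen / dlclose activity.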