| commit | 3c49347c2ae3ae44d8a651c35e723e04b27d651d | [log] [tgz] |
|---|---|---|
| author | Joel Fernandes <joelaf@google.com> | Sat Dec 22 18:11:34 2018 -0800 |
| committer | Joel Fernandes <joelaf@google.com> | Fri Feb 01 15:43:30 2019 -0500 |
| tree | 6cc8fdfaa44947a06b7ac2ea60d89bf8cfb6e706 | |
| parent | caac4484db371ceee0ace2a944e0286af051c02b [diff] |
Add memfd related missing syscalls to allowed list Bug: 113362644 Change-Id: I7ae3305ad12600a38faebf0b66cb5b954862df5e Signed-off-by: Joel Fernandes <joelaf@google.com>
diff --git a/services/mediacodec/seccomp_policy/mediacodec-arm.policy b/services/mediacodec/seccomp_policy/mediacodec-arm.policy index 0aa5acc..9bdd4c8 100644 --- a/services/mediacodec/seccomp_policy/mediacodec-arm.policy +++ b/services/mediacodec/seccomp_policy/mediacodec-arm.policy
@@ -14,6 +14,7 @@ mmap2: 1 getrandom: 1 memfd_create: 1 +ftruncate: 1 ftruncate64: 1 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
diff --git a/services/mediacodec/seccomp_policy/mediacodec-x86.policy b/services/mediacodec/seccomp_policy/mediacodec-x86.policy index 6d88c84..a48cedb 100644 --- a/services/mediacodec/seccomp_policy/mediacodec-x86.policy +++ b/services/mediacodec/seccomp_policy/mediacodec-x86.policy
@@ -55,6 +55,9 @@ nanosleep: 1 sched_setscheduler: 1 uname: 1 +memfd_create: 1 +ftruncate: 1 +ftruncate64: 1 # Required by AddressSanitizer gettid: 1
diff --git a/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy b/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy index b9adbd9..02cedba 100644 --- a/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy +++ b/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy
@@ -22,6 +22,7 @@ mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE mmap2: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE memfd_create: 1 +ftruncate: 1 ftruncate64: 1 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
diff --git a/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy b/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy index 7abb432..78ecaf5 100644 --- a/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy +++ b/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
@@ -27,6 +27,7 @@ newfstatat: 1 fstatfs: 1 memfd_create: 1 +ftruncate: 1 ftruncate64: 1 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail