Treat Seccomp failures as fatal errors.
The return value of SetUpMinijail is not being checked.
media.codec and media.extractor should not run without Seccomp if
there's a policy.
Bug: 34723744
Test: media.codec, media.extractor start, have Seccomp.
Test: cat /proc/`pgrep .codec`/status | grep Seccomp
Seccomp: 2
Test: cat /proc/`pgrep .extractor`/status | grep Seccomp
Seccomp: 2
Change-Id: I30c59d3193b3ebc8beace221741889afa2bbc8ae
diff --git a/services/minijail/minijail.cpp b/services/minijail/minijail.cpp
index 7b61ae8..f213287 100644
--- a/services/minijail/minijail.cpp
+++ b/services/minijail/minijail.cpp
@@ -53,20 +53,19 @@
return pipefd[0];
}
-int SetUpMinijail(const std::string& base_policy_path, const std::string& additional_policy_path)
+void SetUpMinijail(const std::string& base_policy_path, const std::string& additional_policy_path)
{
// No seccomp policy defined for this architecture.
if (access(base_policy_path.c_str(), R_OK) == -1) {
LOG(WARNING) << "No seccomp policy defined for this architecture.";
- return 0;
+ return;
}
std::string base_policy_content;
std::string additional_policy_content;
if (!base::ReadFileToString(base_policy_path, &base_policy_content,
false /* follow_symlinks */)) {
- LOG(ERROR) << "Could not read base policy file '" << base_policy_path << "'";
- return -1;
+ LOG(FATAL) << "Could not read base policy file '" << base_policy_path << "'";
}
if (additional_policy_path.length() > 0 &&
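Review bot: The early return at the top of SetUpMinijail still lets the service start without Seccomp whenever `access(base_policy_path.c_str(), R_OK)` fails, whatever the reason, not only when the policy file is absent. A policy file that exists but cannot be read (wrong mode or label, for instance) takes the same branch and is logged as "No seccomp policy defined for this architecture", which contradicts the commit's stated goal. Consider treating only the missing-file case as benign, for example by putting `if (errno != ENOENT) LOG(FATAL) << "Cannot access seccomp policy '" << base_policy_path << "'";` ahead of the warning. The function body continues outside this hunk and the handling of a failed additional-policy read is not visible here, so it is worth confirming that path fails closed as well.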
@@ -78,14 +77,12 @@
base::unique_fd policy_fd(WritePolicyToPipe(base_policy_content, additional_policy_content));
if (policy_fd.get() == -1) {
- LOG(ERROR) << "Could not write seccomp policy to fd";
- return -1;
+ LOG(FATAL) << "Could not write seccomp policy to fd";
}
ScopedMinijail jail{minijail_new()};
if (!jail) {
- LOG(ERROR) << "Failed to create minijail.";
- return -1;
+ LOG(FATAL) << "Failed to create minijail.";
}
minijail_no_new_privs(jail.get());
@@ -94,6 +91,5 @@
// Transfer ownership of |policy_fd|.
minijail_parse_seccomp_filters_from_fd(jail.get(), policy_fd.release());
minijail_enter(jail.get());
- return 0;
}
}
diff --git a/services/minijail/minijail.h b/services/minijail/minijail.h
index 3d6db37..c8a2149 100644
--- a/services/minijail/minijail.h
+++ b/services/minijail/minijail.h
@@ -20,8 +20,7 @@
namespace android {
int WritePolicyToPipe(const std::string& base_policy_content,
const std::string& additional_policy_content);
-int SetUpMinijail(const std::string& base_policy_path,
- const std::string& additional_policy_path);
+void SetUpMinijail(const std::string& base_policy_path, const std::string& additional_policy_path);
}
#endif // AV_SERVICES_MINIJAIL_MINIJAIL
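Review bot: The declaration of SetUpMinijail carries no comment describing its new contract, and with the return type now `void` callers can no longer learn the outcome from the call. A comment above the declaration such as `// Installs the seccomp policy and enters the jail; aborts via LOG(FATAL) on failure. Returns without a filter only when the base policy file is not readable.` would make the one remaining unsandboxed path explicit to anyone wiring up a new service. Any caller outside this diff that still tests the old int result will fail to build, so those call sites should be checked in the same change.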