Make missing seccomp file fatal.
If there is an issue where this is not loaded, we should know.
Bug: 146059841
Test: boot health check on devices
Change-Id: I3c50078b254e3caff5c824024909cb722dfb1aae
diff --git a/services/minijail/minijail.cpp b/services/minijail/minijail.cpp
index f40f0c5..c7832b9 100644
--- a/services/minijail/minijail.cpp
+++ b/services/minijail/minijail.cpp
@@ -64,13 +64,6 @@
void SetUpMinijailList(const std::string& base_policy_path,
const std::vector<std::string>& additional_policy_paths)
{
- // No seccomp policy defined for this architecture.
- if (access(base_policy_path.c_str(), R_OK) == -1) {
- // LOG(WARNING) << "No seccomp policy defined for this architecture.";
- LOG(WARNING) << "missing base seccomp_policy file '" << base_policy_path << "'";
- return;
- }
-
std::string base_policy_content;
std::vector<std::string> additional_policy_contents;
if (!base::ReadFileToString(base_policy_path, &base_policy_content,
@@ -83,6 +76,7 @@
if (one_policy_path.length() > 0 &&
!base::ReadFileToString(one_policy_path, &one_policy_content,
false /* follow_symlinks */)) {
+ // TODO: harder failure (fatal unless ENOENT?)
LOG(WARNING) << "Could not read additional policy file '" << one_policy_path << "'";
}
additional_policy_contents.push_back(one_policy_content);
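Review bot: The TODO added above the additional-policy warning has no owner or bug reference, and the failure path it marks is unchanged: when `ReadFileToString` fails, the code still only logs a warning and pushes the empty `one_policy_content`. Downstream, a policy file that exists but cannot be read (permissions, or a symlink rejected by `follow_symlinks = false`) therefore looks the same as one that is absent, which is the silent failure the commit message sets out to remove for the base policy. Until the stricter handling lands, tie the comment to the tracking bug and state the intended rule, for example `// TODO(b/146059841): make this fatal unless errno == ENOENT; an unreadable policy must not degrade to an empty one.` Logging the reason as well would make boot-health triage possible from the log alone, assuming errno is still meaningful after the failed read. The enclosing loop and the rest of `SetUpMinijailList` lie outside this hunk, so how the empty entry is consumed is not visible here.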