Merge changes from topic "need-more-mremap" * changes: allow mremap to use MEMRMREMAP_MAYMOVE flag Give 32-bit mediaextractor permission to mremap()

commit: b3358b86368d4b4bd52bf5ab1b9495c39465b435 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Tue Apr 07 04:46:15 2020 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Apr 07 04:46:15 2020 +0000
tree: d574d9bfe7e99e9848eed4f2e40cece6649babe4
parent: f8dfe5762bfe432666375834480caa9b4b87bcb2 [diff]
parent: 00fc5578dbbc66e1a25739f67d4ecfa62c16366f [diff]
diff --git a/services/mediacodec/seccomp_policy/mediacodec-arm.policy b/services/mediacodec/seccomp_policy/mediacodec-arm.policy
index 3870a11..51564ca 100644
--- a/services/mediacodec/seccomp_policy/mediacodec-arm.policy
+++ b/services/mediacodec/seccomp_policy/mediacodec-arm.policy

@@ -23,7 +23,7 @@
 # on ARM is statically loaded at 0xffff 0000. See
 # http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html
 # for more details.
-mremap: arg3 == 3
+mremap: arg3 == 3 || arg3 == MREMAP_MAYMOVE
 munmap: 1
 mprotect: 1
 madvise: 1

diff --git a/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy b/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy
index 9042cd7..8705cf9 100644
--- a/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy
+++ b/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy

@@ -31,7 +31,7 @@
 # on ARM is statically loaded at 0xffff 0000. See
 # http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html
 # for more details.
-mremap: arg3 == 3
+mremap: arg3 == 3 || arg3 == MREMAP_MAYMOVE
 munmap: 1
 prctl: 1
 getuid32: 1

diff --git a/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy b/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
index 4faf8b2..85fd28d 100644
--- a/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
+++ b/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy

@@ -35,7 +35,7 @@
 # on ARM is statically loaded at 0xffff 0000. See
 # http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html
 # for more details.
-mremap: arg3 == 3
+mremap: arg3 == 3 || arg3 == MREMAP_MAYMOVE
 munmap: 1
 prctl: 1
 writev: 1

diff --git a/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy b/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy
index 964acf4..c61393d 100644
--- a/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy
+++ b/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy

@@ -45,6 +45,14 @@
 # for dynamically loading extractors
 pread64: 1
 
+# mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
+# parser support for '<' is in this needs to be modified to also prevent
+# |old_address| and |new_address| from touching the exception vector page, which
+# on ARM is statically loaded at 0xffff 0000. See
+# http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html
+# for more details.
+mremap: arg3 == 3 || arg3 == MREMAP_MAYMOVE
+
 # for FileSource
 readlinkat: 1
 _llseek: 1
commit	b3358b86368d4b4bd52bf5ab1b9495c39465b435	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Tue Apr 07 04:46:15 2020 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Apr 07 04:46:15 2020 +0000
tree	d574d9bfe7e99e9848eed4f2e40cece6649babe4
parent	f8dfe5762bfe432666375834480caa9b4b87bcb2 [diff]
parent	00fc5578dbbc66e1a25739f67d4ecfa62c16366f [diff]