commit e5f21fc66794641b6b8cf2a4c6d252d281787a82
author bohu <bohu@google.com> Fri Dec 15 11:20:58 2017 -0800
committer bohu <bohu@google.com> Thu Jan 11 09:34:54 2018 -0800
tree c4f528c158aab141bb4e2b27ad2b80e7eefb666a
parent be8a5c6cd8c6af68852dc9ee6249796cc7ef1c86

mediacodec: add seccomp policy for x86 and x86_64

We had it for arm but not for x86; this cl adds it.

BUG: 70507558

Test: run cts -m CtsMediaTestCases and mediacodec should not
crash due to minijail
Test: launch emulator and mediacodec should not be killed by signal 31
Test: run cts -m CtsSecurityHostTestCases
-t android.security.cts.ProcessMustUseSeccompTest#testOmxHalHasSeccompFilter
should pass
Test: run cts -m CtsSecurityTestCases -t
android.security.cts.StagefrightTest#testStagefright_cve_2017_0600
Test: run cts -m CtsSecurityTestCases -t
android.security.cts.StagefrightTest#testStagefright_cve_2016_0842

Note: I only tested on emulator, not on real x86 device

Change-Id: I63bebc17eb2ae29df71823f8277f058ca7fd9625
Merged-In: I63bebc17eb2ae29df71823f8277f058ca7fd9625

services/mediacodec/Android.mk

diff --git a/services/mediacodec/Android.mk b/services/mediacodec/Android.mk
index 333f1b0..1ead944 100644
--- a/services/mediacodec/Android.mk
+++ b/services/mediacodec/Android.mk
@@ -21,6 +21,7 @@
 # seccomp is not required for coverage build.
 ifneq ($(NATIVE_COVERAGE),true)
 LOCAL_REQUIRED_MODULES_arm := mediacodec.policy
+LOCAL_REQUIRED_MODULES_x86 := mediacodec.policy
 endif
 LOCAL_SRC_FILES := main_codecservice.cpp
 LOCAL_SHARED_LIBRARIES := \
@@ -47,7 +48,7 @@
 include $(BUILD_EXECUTABLE)
 
 # service seccomp policy
-ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64))
+ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), x86 x86_64 arm arm64))
 include $(CLEAR_VARS)
 LOCAL_MODULE := mediacodec.policy
 LOCAL_MODULE_CLASS := ETC