Unify media.codec and media.extractor Minijail usage.
That way we can modify this code in one place to take a list of seccomp
policy files.
This CL removes around 70 lines by unifying identical code. No change
in behavior.
Bug: 34723744
Test: media.codec, media.extractor start, have Seccomp.
Test: cat /proc/`pgrep .codec`/status | grep Seccomp
Seccomp: 2
Test: cat /proc/`pgrep .extractor`/status | grep Seccomp
Seccomp: 2
Change-Id: Ia8be7b9c3d6163804d2a45954f8d03315ae32e7a
diff --git a/services/mediaextractor/Android.mk b/services/mediaextractor/Android.mk
index 4e337a0..169c770 100644
--- a/services/mediaextractor/Android.mk
+++ b/services/mediaextractor/Android.mk
@@ -15,8 +15,9 @@
LOCAL_REQUIRED_MODULES_arm64 := mediaextractor-seccomp.policy
LOCAL_REQUIRED_MODULES_x86 := mediaextractor-seccomp.policy
# TODO add seccomp filter for x86_64.
-LOCAL_SRC_FILES := main_extractorservice.cpp minijail/minijail.cpp
-LOCAL_SHARED_LIBRARIES := libmedia libmediaextractorservice libbinder libutils liblog libicuuc libminijail
+LOCAL_SRC_FILES := main_extractorservice.cpp
+LOCAL_SHARED_LIBRARIES := libmedia libmediaextractorservice libbinder libutils \
+ liblog libbase libicuuc libavservices_minijail
LOCAL_STATIC_LIBRARIES := libicuandroid_utils
LOCAL_MODULE:= mediaextractor
LOCAL_INIT_RC := mediaextractor.rc
diff --git a/services/mediaextractor/main_extractorservice.cpp b/services/mediaextractor/main_extractorservice.cpp
index 245489e..69b2bdc 100644
--- a/services/mediaextractor/main_extractorservice.cpp
+++ b/services/mediaextractor/main_extractorservice.cpp
@@ -15,25 +15,24 @@
** limitations under the License.
*/
-#define LOG_TAG "mediaextractor"
-//#define LOG_NDEBUG 0
-
#include <fcntl.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <binder/IPCThreadState.h>
#include <binder/ProcessState.h>
#include <binder/IServiceManager.h>
-#include <utils/Log.h>
// from LOCAL_C_INCLUDES
#include "IcuUtils.h"
#include "MediaExtractorService.h"
#include "MediaUtils.h"
-#include "minijail/minijail.h"
+#include "minijail.h"
using namespace android;
+// Must match location in Android.mk.
+static const char kSeccompPolicyPath[] = "/system/etc/seccomp_policy/mediaextractor-seccomp.policy";
+
int main(int argc __unused, char** argv)
{
limitProcessMemory(
@@ -42,7 +41,7 @@
20 /* upper limit as percentage of physical RAM */);
signal(SIGPIPE, SIG_IGN);
- MiniJail();
+ SetUpMinijail(kSeccompPolicyPath);
InitializeIcuOrDie();
diff --git a/services/mediaextractor/minijail/minijail.cpp b/services/mediaextractor/minijail/minijail.cpp
deleted file mode 100644
index c44d00d..0000000
--- a/services/mediaextractor/minijail/minijail.cpp
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-**
-** Copyright 2015, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-#define LOG_TAG "minijail"
-
-#include <unistd.h>
-
-#include <log/log.h>
-
-#include <libminijail.h>
-
-#include "minijail.h"
-
-namespace android {
-
-/* Must match location in Android.mk */
-static const char kSeccompFilePath[] = "/system/etc/seccomp_policy/mediaextractor-seccomp.policy";
-
-int MiniJail()
-{
- /* no seccomp policy for this architecture */
- if (access(kSeccompFilePath, R_OK) == -1) {
- ALOGW("No seccomp filter defined for this architecture.");
- return 0;
- }
-
- struct minijail *jail = minijail_new();
- if (jail == NULL) {
- ALOGW("Failed to create minijail.");
- return -1;
- }
-
- minijail_no_new_privs(jail);
- minijail_log_seccomp_filter_failures(jail);
- minijail_use_seccomp_filter(jail);
- minijail_parse_seccomp_filters(jail, kSeccompFilePath);
- minijail_enter(jail);
- minijail_destroy(jail);
- return 0;
-}
-}
diff --git a/services/mediaextractor/minijail/minijail.h b/services/mediaextractor/minijail/minijail.h
deleted file mode 100644
index 6ea4487..0000000
--- a/services/mediaextractor/minijail/minijail.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
-**
-** Copyright 2015, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-namespace android {
-int MiniJail();
-}