| Jeff Vander Stoep | c9ea211 | 2016-02-17 10:52:20 -0800 | [diff] [blame] | 1 | /* |
| 2 | ** |
| 3 | ** Copyright 2016, The Android Open Source Project |
| 4 | ** |
| 5 | ** Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | ** you may not use this file except in compliance with the License. |
| 7 | ** You may obtain a copy of the License at |
| 8 | ** |
| 9 | ** http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | ** |
| 11 | ** Unless required by applicable law or agreed to in writing, software |
| 12 | ** distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | ** See the License for the specific language governing permissions and |
| 15 | ** limitations under the License. |
| 16 | */ |
| 17 | |
| 18 | #include <cutils/log.h> |
| 19 | #include <libminijail.h> |
| 20 | |
| 21 | #include "minijail.h" |
| 22 | |
| 23 | namespace android { |
| 24 | |
| 25 | /* Must match location in Android.mk */ |
| 26 | static const char kSeccompFilePath[] = "/system/etc/seccomp_policy/mediacodec-seccomp.policy"; |
| 27 | |
| 28 | int MiniJail() |
| 29 | { |
| 30 | /* no seccomp policy for this architecture */ |
| 31 | if (access(kSeccompFilePath, R_OK) == -1) { |
| 32 | ALOGW("No seccomp filter defined for this architecture."); |
| 33 | return 0; |
| 34 | } |
| 35 | |
| 36 | struct minijail *jail = minijail_new(); |
| 37 | if (jail == NULL) { |
| 38 | ALOGW("Failed to create minijail."); |
| 39 | return -1; |
| 40 | } |
| 41 | |
| 42 | minijail_no_new_privs(jail); |
| 43 | minijail_log_seccomp_filter_failures(jail); |
| 44 | minijail_use_seccomp_filter(jail); |
| 45 | minijail_parse_seccomp_filters(jail, kSeccompFilePath); |
| 46 | minijail_enter(jail); |
| 47 | minijail_destroy(jail); |
| 48 | return 0; |
| 49 | } |
| 50 | } |