services/mediacodec/minijail/minijail.cpp

/*
**
** Copyright 2016, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
**     http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/

#define LOG_TAG "minijail"

#include <unistd.h>

#include <log/log.h>

#include <libminijail.h>

#include "minijail.h"

namespace android {

/* Must match location in Android.mk */
static const char kSeccompFilePath[] = "/system/etc/seccomp_policy/mediacodec-seccomp.policy";

int MiniJail()
{
    /* no seccomp policy for this architecture */
    if (access(kSeccompFilePath, R_OK) == -1) {
        ALOGW("No seccomp filter defined for this architecture.");
        return 0;
    }

    struct minijail *jail = minijail_new();
    if (jail == NULL) {
        ALOGW("Failed to create minijail.");
        return -1;
    }

    minijail_no_new_privs(jail);
    minijail_log_seccomp_filter_failures(jail);
    minijail_use_seccomp_filter(jail);
    minijail_parse_seccomp_filters(jail, kSeccompFilePath);
    minijail_enter(jail);
    minijail_destroy(jail);
    return 0;
}
}