OSDN Git Service

(root) / android-x86 / bionic.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b8ce939) | patch
Create global seccomp policy.
authorSteve Muckle <smuckle@google.com>
Thu, 20 Jul 2017 20:11:54 +0000 (13:11 -0700)
committerSteve Muckle <smuckle@google.com>
Sat, 22 Jul 2017 03:30:21 +0000 (20:30 -0700)
commitaa3f96c9c429fa6270d86fbd6485e3b12d7d9aa6
tree0c8221de1a0114d281bef45912f35dee6f6c3db3tree | snapshot
parentb8ce93974a675029c2c8360adf18bc67740658e1commit | diff
Create global seccomp policy.

Enabling seccomp across all processes, rather than just zygote, is
useful for auditing the syscall usage of AOSP. Create a global seccomp
policy that can optionally be enabled by init.

Bug: 37960259
Test: confirm global seccomp by removing finit_module from policy and
      observing modprobe fail, confirm regular seccomp unchanged by
      comparing length of installed bpf
Change-Id: Iac53a42fa26a80b05126f262dd9525f4f66df558
12 files changed:
libc/SECCOMP_WHITELIST_GLOBAL.TXT [new file with mode: 0644] blob
libc/seccomp/Android.bp diff | blob | history
libc/seccomp/arm64_global_policy.cpp [new file with mode: 0644] blob
libc/seccomp/arm_global_policy.cpp [new file with mode: 0644] blob
libc/seccomp/include/seccomp_policy.h diff | blob | history
libc/seccomp/mips64_global_policy.cpp [new file with mode: 0644] blob
libc/seccomp/mips_global_policy.cpp [new file with mode: 0644] blob
libc/seccomp/seccomp_bpfs.h diff | blob | history
libc/seccomp/seccomp_policy.cpp diff | blob | history
libc/seccomp/x86_64_global_policy.cpp [new file with mode: 0644] blob
libc/seccomp/x86_global_policy.cpp [new file with mode: 0644] blob
libc/tools/genseccomp.py diff | blob | history
bionic
About OSDN
Find Software
Develop Software
Help