Merge "Expand whitelist"

diff --git a/libc/SECCOMP_WHITELIST.TXT b/libc/SECCOMP_WHITELIST.TXT
index a2a54c6..d2ab20e 100644 (file)
--- a/libc/SECCOMP_WHITELIST.TXT
+++ b/libc/SECCOMP_WHITELIST.TXT
@@ -115,3 +115,6 @@ ssize_t copy_file_range(int fd_in, loff_t* off_in, int fd_out, loff_t* off_out,
 int mlock2(const void* addr, size_t len, int flags) all
 ssize_t preadv2(int fd, const struct iovec* iov, int iovcnt, off_t offset, int flags) all
 ssize_t pwritev2(int fd, const struct iovec* iov, int iovcnt, off_t offset, int flags) all
+
+# b/37769298
+int dup2(int oldfd, int newfd) arm,x86,mips

diff --git a/libc/seccomp/arm_policy.cpp b/libc/seccomp/arm_policy.cpp
index f565d63..a395188 100644 (file)
--- a/libc/seccomp/arm_policy.cpp
+++ b/libc/seccomp/arm_policy.cpp
@@ -35,9 +35,9 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 57, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 56, 103, 102), //ioctl|fcntl
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 58, 102, 101), //setpgid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 66, 3, 0),
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 64, 1, 0),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 63, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 62, 99, 98), //umask|chroot
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 65, 98, 97), //getppid
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 65, 98, 97), //dup2|getppid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 74, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 68, 96, 95), //setsid|sigaction
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 76, 95, 94), //sethostname|setrlimit

diff --git a/libc/seccomp/mips_policy.cpp b/libc/seccomp/mips_policy.cpp
index 57f3210..12fb1a9 100644 (file)
--- a/libc/seccomp/mips_policy.cpp
+++ b/libc/seccomp/mips_policy.cpp
@@ -32,11 +32,11 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4048, 91, 90), //brk|setgid|getgid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4054, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4053, 89, 88), //geteuid|getegid|acct|umount2
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4056, 88, 87), //ioctl|fcntl
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4064, 3, 0),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4063, 3, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4060, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4058, 85, 84), //setpgid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4062, 84, 83), //umask|chroot
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4065, 83, 82), //getppid
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4065, 83, 82), //dup2|getppid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4103, 13, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4088, 7, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4074, 3, 0),

diff --git a/libc/seccomp/x86_policy.cpp b/libc/seccomp/x86_policy.cpp
index 254db43..3247e45 100644 (file)
--- a/libc/seccomp/x86_policy.cpp
+++ b/libc/seccomp/x86_policy.cpp
@@ -32,11 +32,11 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 46, 93, 92), //brk
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 54, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 53, 91, 90), //acct|umount2
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 56, 90, 89), //ioctl|fcntl
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 64, 3, 0),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 63, 3, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 60, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 58, 87, 86), //setpgid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 62, 86, 85), //umask|chroot
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 65, 85, 84), //getppid
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 65, 85, 84), //dup2|getppid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 96, 13, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 88, 7, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 77, 3, 0),