From ec00401dff2d0d6f517593f8d40a589693ce1100 Mon Sep 17 00:00:00 2001
From: Paul Lawrence
Date: Thu, 25 May 2017 14:15:23 -0700
Subject: [PATCH] Expand whitelist

Bug: 37769298
Test: Boots. Cannot test app behavior without account
Change-Id: Iebb7616f100368bf2e702ec51f637df1f3727885
---
 libc/SECCOMP_WHITELIST.TXT | 3 +++
 libc/seccomp/arm_policy.cpp | 4 ++--
 libc/seccomp/mips_policy.cpp | 4 ++--
 libc/seccomp/x86_policy.cpp | 4 ++--
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/libc/SECCOMP_WHITELIST.TXT b/libc/SECCOMP_WHITELIST.TXT
index a2a54c636..d2ab20e99 100644
--- a/libc/SECCOMP_WHITELIST.TXT
+++ b/libc/SECCOMP_WHITELIST.TXT
@@ -115,3 +115,6 @@ ssize_t copy_file_range(int fd_in, loff_t* off_in, int fd_out, loff_t* off_out,
 int mlock2(const void* addr, size_t len, int flags) all
 ssize_t preadv2(int fd, const struct iovec* iov, int iovcnt, off_t offset, int flags) all
 ssize_t pwritev2(int fd, const struct iovec* iov, int iovcnt, off_t offset, int flags) all
+
+# b/37769298
+int dup2(int oldfd, int newfd) arm,x86,mips
diff --git a/libc/seccomp/arm_policy.cpp b/libc/seccomp/arm_policy.cpp
index f565d63ee..a395188e8 100644
--- a/libc/seccomp/arm_policy.cpp
+++ b/libc/seccomp/arm_policy.cpp
@@ -35,9 +35,9 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 57, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 56, 103, 102), //ioctl|fcntl
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 58, 102, 101), //setpgid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 66, 3, 0),
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 64, 1, 0),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 63, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 62, 99, 98), //umask|chroot
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 65, 98, 97), //getppid
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 65, 98, 97), //dup2|getppid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 74, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 68, 96, 95), //setsid|sigaction
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 76, 95, 94), //sethostname|setrlimit
diff --git a/libc/seccomp/mips_policy.cpp b/libc/seccomp/mips_policy.cpp
index 57f3210b3..12fb1a9ac 100644
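Review bot: The `# b/37769298` comment above the new `dup2` entry in libc/SECCOMP_WHITELIST.TXT gives only a bug number, so nothing in the tree says why this legacy syscall is allowed or when the exception can be removed. Every addition to a seccomp allowlist widens what app code can reach in the kernel, and the commit message notes that app behaviour could not be tested, so the rationale belongs next to the entry, e.g. `# b/37769298: <which caller needs raw dup2 and why>; remove when <condition>`. The entry is limited to `arm,x86,mips`; if that is deliberate (presumably because only the 32-bit ABIs are affected), the same comment should say so. The added exposure looks small if `dup3` is already permitted by the base list, but that list is not visible in this hunk and should be confirmed.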
--- a/libc/seccomp/mips_policy.cpp
+++ b/libc/seccomp/mips_policy.cpp
@@ -32,11 +32,11 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4048, 91, 90), //brk|setgid|getgid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4054, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4053, 89, 88), //geteuid|getegid|acct|umount2
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4056, 88, 87), //ioctl|fcntl
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4064, 3, 0),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4063, 3, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4060, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4058, 85, 84), //setpgid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4062, 84, 83), //umask|chroot
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4065, 83, 82), //getppid
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4065, 83, 82), //dup2|getppid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4103, 13, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4088, 7, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4074, 3, 0),
diff --git a/libc/seccomp/x86_policy.cpp b/libc/seccomp/x86_policy.cpp
index 254db43b3..3247e45de 100644
--- a/libc/seccomp/x86_policy.cpp
+++ b/libc/seccomp/x86_policy.cpp
@@ -32,11 +32,11 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 46, 93, 92), //brk
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 54, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 53, 91, 90), //acct|umount2
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 56, 90, 89), //ioctl|fcntl
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 64, 3, 0),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 63, 3, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 60, 1, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 58, 87, 86), //setpgid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 62, 86, 85), //umask|chroot
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 65, 85, 84), //getppid
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 65, 85, 84), //dup2|getppid
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 96, 13, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 88, 7, 0),
 BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 77, 3, 0),
-- 
2.11.0