From 6a6d669bfca0386d2946f670c7316d5c7ecb7634 Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Thu, 23 Mar 2017 12:20:00 -0700 Subject: [PATCH] Expand whitelist Bug: 36449658 Test: Builds Change-Id: I610da03e7a3cede218d1657f53797ab72cbdf317 --- libc/SECCOMP_WHITELIST.TXT | 3 +++ libc/seccomp/arm_policy.cpp | 2 +- libc/seccomp/mips_policy.cpp | 2 +- libc/seccomp/x86_policy.cpp | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/libc/SECCOMP_WHITELIST.TXT b/libc/SECCOMP_WHITELIST.TXT index adbb176f0..f0e99e3bb 100644 --- a/libc/SECCOMP_WHITELIST.TXT +++ b/libc/SECCOMP_WHITELIST.TXT @@ -97,3 +97,6 @@ uid_t getuid() arm,x86 # b/36435222 int remap_file_pages(void *addr, size_t size, int prot, size_t pgoff, int flags) arm,x86,mips + +# b/36449658 +int rename(const char *oldpath, const char *newpath) arm,x86,mips diff --git a/libc/seccomp/arm_policy.cpp b/libc/seccomp/arm_policy.cpp index 94b1545b3..9f8b9fee8 100644 --- a/libc/seccomp/arm_policy.cpp +++ b/libc/seccomp/arm_policy.cpp @@ -23,7 +23,7 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 25, 110, 109), //getuid BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 27, 109, 108), //ptrace BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 36, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 34, 107, 106), //access -BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 38, 106, 105), //sync|kill +BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 39, 106, 105), //sync|kill|rename BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 57, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 51, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 45, 1, 0), diff --git a/libc/seccomp/mips_policy.cpp b/libc/seccomp/mips_policy.cpp index 279017e7b..01323ce40 100644 --- a/libc/seccomp/mips_policy.cpp +++ b/libc/seccomp/mips_policy.cpp @@ -25,7 +25,7 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4034, 92, 91), //access BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4054, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4045, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4041, 1, 0), -BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4038, 88, 87), //sync|kill +BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4039, 88, 87), //sync|kill|rename BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4044, 87, 86), //dup|pipe|times BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4049, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4048, 85, 84), //brk|setgid|getgid diff --git a/libc/seccomp/x86_policy.cpp b/libc/seccomp/x86_policy.cpp index ca02aa6c3..d9ee17b87 100644 --- a/libc/seccomp/x86_policy.cpp +++ b/libc/seccomp/x86_policy.cpp @@ -25,7 +25,7 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 34, 94, 93), //access BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 54, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 45, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 41, 1, 0), -BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 38, 90, 89), //sync|kill +BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 39, 90, 89), //sync|kill|rename BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 44, 89, 88), //dup|pipe|times BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 51, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 46, 87, 86), //brk