Paul Lawrence
7b4e7c4d55
Expand whitelist
...
Bug: 35906875
Test: Device boots, app runs further and fails with different error
Change-Id: I8df40ff85f8248504bca9a048510153970b31716
2017-03-02 18:48:13 +00:00
Paul Lawrence
dfe8434a62
Move seccomp policy to bionic
...
Test: Built and checked booted
Change-Id: Iaec1265fe5a55c4df90ab9e45b010ef36faf6bba
2017-02-27 12:42:39 -08:00
Paul Lawrence
98a53b7c74
Revert "Move seccomp policy to bionic"
...
This reverts commit 06a32206c5
2017-02-27 16:36:18 +00:00
Paul Lawrence
06a32206c5
Move seccomp policy to bionic
...
Test: Built and checked booted
Change-Id: If777eed75d5280c7a390399261e97125c04767b2
2017-02-24 12:52:19 -08:00
Paul Lawrence
0b2486a324
Expand whitelist
...
Bug: 35217603
Test: App no longer triggers seccomp exceptions when launched
Change-Id: I8ea904640a2f14c67a075e593067327407766220
2017-02-23 13:04:39 -08:00
Paul Lawrence
7ea4090c65
Autogenerate single policy from syscalls and whitelist
...
Bug: 35392119
Bug: 34465958
Test: Check boots and same syscalls are blocked as before
Change-Id: I9efa97032c59aebbbfd32e6f0d2d491f6254f0a2
2017-02-23 10:46:56 -08:00
Paul Lawrence
be8a2af2aa
Create seccomp policy without TRAP for further processing
...
Bug: 34946764
Test: Make sure boots, seccomp still blocks, and is faster
Change-Id: Ib4abf4307ae545ee69a3fb9328f62c760a1b40f7
2017-02-03 09:36:45 -08:00
Paul Lawrence
3d9fc696a5
Use trap not kill in seccomp filter
...
Bug: 34647665
Test: Make sure boots, check that causing a seccomp failure creates a
crash dump
Change-Id: I5ab2fe3e8322a3c38318c97d343834baa874af8d
2017-01-24 11:07:04 -08:00
Paul Lawrence
eabc352651
Add seccomp support library
...
Policy library which exports an autogenerated policy from SYSCALLS.TXT
blocking any other calls.
Test: Generate policy, install onto Sailfish, check boots, Chrome runs,
calls are blocked.
Bug: 32313202
Change-Id: Ib590704e50122f077eeae26561eb9b0a70386551
2017-01-19 13:38:47 -08:00
