Paul Lawrence
6a6d669bfc
Expand whitelist
...
Bug: 36449658
Test: Builds
Change-Id: I610da03e7a3cede218d1657f53797ab72cbdf317
2017-03-23 12:21:29 -07:00
Paul Lawrence
65b47c9fe0
Fix problem that we don't block syscalls below min value
...
The check that we are not below the lowest permitted syscall was
off by one, so we always allowed them, rather than always denying
them
Test: Check arm64 boots, chrome and maps work
mips and mips64 emulators boot
Note that arm, x86 and x86_64 already allow syscall 0 so there
will be no functional change there
Change-Id: I85873f1d04124e634e648bd47c027f280f1d6dbd
2017-03-22 09:48:17 -07:00
Paul Lawrence
822ecece23
Expand whitelist
...
Bug: 36435222
Test: App starts, plays game
Change-Id: If21f59e4d218be64fdac46115d35dc1ffb6fe771
2017-03-20 11:03:19 -07:00
Paul Lawrence
89fa81fda3
Support all architectures in seccomp
...
Test: Make sure arm, x86, x86_64, mips, mips64 emulators boot
Make sure sailfish still boots
Ran CTS test from
https://android-review.googlesource.com/#/c/348671/3 and it passed
The instructions for how to run mips emulators above worked, but
the CTS tests did not seem to actually run.
Change-Id: Iddee5acdb19ed32c7bd4657573313ca439cf6a49
2017-03-13 18:26:50 +00:00
Paul Lawrence
34ddaaf256
Expand whitelist
...
Bug: 35879294
Test: Builds, boots. No easy test for reported issues.
Change-Id: Ib68a36f849a8dab14426600cdc6401fa8bb5b914
2017-03-07 15:23:08 -08:00
Elliott Hughes
cdf19c84e8
Merge "Generate both static and shared libseccomp_policy."
2017-03-04 00:20:13 +00:00
Paul Lawrence
e6daf3f34a
Expand whitelist
...
Bug: 35917228
Test: App now runs fine with setenforce 0
Change-Id: I039385e5d0e5105ec337c62dd098dd1662442a2e
2017-03-03 11:19:08 -08:00
Elliott Hughes
926add1593
Generate both static and shared libseccomp_policy.
...
Also switch to Android.bp
Bug: N/A
Test: builds
Change-Id: I33697a40b30d071f8d07aa33e1fb2b0c6e8a9f6d
2017-03-02 18:57:44 -08:00
Paul Lawrence
7b4e7c4d55
Expand whitelist
...
Bug: 35906875
Test: Device boots, app runs further and fails with different error
Change-Id: I8df40ff85f8248504bca9a048510153970b31716
2017-03-02 18:48:13 +00:00
Paul Lawrence
dfe8434a62
Move seccomp policy to bionic
...
Test: Built and checked booted
Change-Id: Iaec1265fe5a55c4df90ab9e45b010ef36faf6bba
2017-02-27 12:42:39 -08:00
Paul Lawrence
98a53b7c74
Revert "Move seccomp policy to bionic"
...
This reverts commit 06a32206c5
2017-02-27 16:36:18 +00:00
Paul Lawrence
06a32206c5
Move seccomp policy to bionic
...
Test: Built and checked booted
Change-Id: If777eed75d5280c7a390399261e97125c04767b2
2017-02-24 12:52:19 -08:00
Paul Lawrence
0b2486a324
Expand whitelist
...
Bug: 35217603
Test: App no longer triggers seccomp exceptions when launched
Change-Id: I8ea904640a2f14c67a075e593067327407766220
2017-02-23 13:04:39 -08:00
Paul Lawrence
7ea4090c65
Autogenerate single policy from syscalls and whitelist
...
Bug: 35392119
Bug: 34465958
Test: Check boots and same syscalls are blocked as before
Change-Id: I9efa97032c59aebbbfd32e6f0d2d491f6254f0a2
2017-02-23 10:46:56 -08:00
Paul Lawrence
be8a2af2aa
Create seccomp policy without TRAP for further processing
...
Bug: 34946764
Test: Make sure boots, seccomp still blocks, and is faster
Change-Id: Ib4abf4307ae545ee69a3fb9328f62c760a1b40f7
2017-02-03 09:36:45 -08:00
Paul Lawrence
3d9fc696a5
Use trap not kill in seccomp filter
...
Bug: 34647665
Test: Make sure boots, check that causing a seccomp failure creates a
crash dump
Change-Id: I5ab2fe3e8322a3c38318c97d343834baa874af8d
2017-01-24 11:07:04 -08:00
Paul Lawrence
eabc352651
Add seccomp support library
...
Policy library which exports an autogenerated policy from SYSCALLS.TXT
blocking any other calls.
Test: Generate policy, install onto Sailfish, check boots, Chrome runs,
calls are blocked.
Bug: 32313202
Change-Id: Ib590704e50122f077eeae26561eb9b0a70386551
2017-01-19 13:38:47 -08:00
