11 commits

Author SHA1 Message Date
Greg Kaiser
6f02710ad2 Revert "Remove workarounds for the llvm sanitizers."
This reverts commit fa0e022b06.

Reason for revert: Appears to be causing crash_dump crashes in Go and/or 32-bit

Bug: 262391724
Change-Id: I3964aa9d6c7005313e6bf95b7e87d6a2ab08b52d
Test: Local revert on wembley
2022-12-13 17:20:04 +00:00
Elliott Hughes
fa0e022b06 Remove workarounds for the llvm sanitizers.
We shouldn't need to poke these holes in seccomp now we're building the
sanitizers correctly.

Bug: http://b/229989971
Test: cuttlefish still boots with nothing untoward in the log
Change-Id: I2f9a050a86e670f000f44ad266ffdf404f3a1d1a
2022-12-02 22:20:22 +00:00
Elliott Hughes
f9941705aa Spring cleaning for the seccomp allowlist.
Remove copy_file_range(2), preadv2(2), and pwritev2(2), all of which are
now in SYSCALLS.TXT.

Remove semtimedop_time64(2) since it doesn't make any sense to have an
exception for just the 64-bit-time_t-on-LP32 variant of a syscall we
don't even use --- this is the least likely variant of that syscall
to need an exception!

Also clean up the unnecessary foo:foo syntax (you only need the : if you
want the generated stub to have a different name, and here the names
were all identical _and_ the whole point of this file is to list
syscalls that we're not generating stubs for, this was doubly useless),
simplify the signatures to just the types (which is all we need), and
improve some of the commentary.

Test: treehugger
Change-Id: I691b5758a2165be9bbeafdd83f0c64d7eea987e5
2022-12-02 20:18:35 +00:00
Treehugger Robot
c66cb5ba6a Merge "add new Linux close_range() system call to bionic"
2022-05-06 22:25:26 +00:00
Maciej Żenczykowski
b65e105047 add new Linux close_range() system call to bionic
See:
  https://man7.org/linux/man-pages/man2/close_range.2.html

Note: 'man close_range' documents 'flags' as unsigned int,
while glibc unistd.h as just 'int'.  Picking 'int' to match glibc,
though it probably doesn't matter.

BYPASS_INCLUSIVE_LANGUAGE_REASON=man is a cli command
Test: TreeHugger
Bug: 229913920
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1e2d1c8edc2ea28922d60f3ce3e534a784622cd1
2022-05-06 10:33:04 +00:00
Elliott Hughes
082b9290d0 Merge "seccomp: allow stat() for ubsan."
2022-05-04 16:35:26 +00:00
Elliott Hughes
a0745cea5f seccomp: allow stat() for ubsan.
We've had complaints about ubsan issues for years, but never got to the
bottom of them, or saw them ourselves in testing. For some reason (still
not understood) we've started to see this ourselves in T and downstream
branches. So for now, let's just punch that extra hole.

Longer term, ubsan should stop needing any of this, so once
https://reviews.llvm.org/D124212 is in an LTS NDK, we should be able to
get rid of this _and_ the existing sanitizer-related holes.

Bug: https://github.com/android/ndk/issues/1298
Bug: http://b/229989971
Test: treehugger
Change-Id: Id42cb29c4e943c0080c0d34ce4e5d6d1b32da9e8
2022-04-29 15:48:08 -07:00
Maciej Żenczykowski
c9c0ebde3c allowlist new Linux close_range() system call, use it in posix_spawn()
Linux kernel's close_range() system call (currently) allows:
  close() unshare() fcntl(F_SETFD, FD_CLOEXEC)
to be performed on ranges of fds.

All 3 of these are already allowed by seccomp bpf:
as such this doesn't allow you to do anything you can't already do.

We can't add close_range() properly to bionic because we'd need to
fiddle about with ltp and it's too late to add new T API anyway,
so let's just make the direct syscall() call.

We'll add proper support in U.

See also:
  https://man7.org/linux/man-pages/man2/close_range.2.html

Test: TreeHugger
Bug: 229913920
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I85586d544fc23bed6aee59f00bdb79ee7a8150d1
2022-04-28 23:33:38 +00:00
Lokesh Gidra
7839c173f1 Add userfaultfd syscall in SECCOMP allowlist
Enable userfaultfd syscall to be used by ART-GC.

Bug: 160737021
Test: manually tested by invoking userfaultfd syscall in ART
Change-Id: I9f98402a96bb8363a1e5fa49dbadbb37dc70d561
2021-03-11 19:30:08 +00:00
Josh Gao
3de19151e5 Add wrappers for pidfd_{open,getfd,send_signal}.
Bug: http://b/172518739
Test: `/data/nativetest64/bionic-unit-tests/bionic-unit-tests --gtest_filter="*pidfd*"` on blueline
Change-Id: Ibae32bbedbcf26535a80a5cbfb55ce180906b610
2021-02-25 13:55:12 -08:00
Victor Hsieh
dbb8670dfd Use more inclusive language for seccomp filter
blacklist and whitelist are replaced with blocklist and allowlist
respectively.

Test: CtsSeccompHostTestCases
Change-Id: I39d9eda89038d1addbdaed59284a254a34cea1c6
2020-06-15 10:12:17 -07:00
Renamed from libc/SECCOMP_WHITELIST_COMMON.TXT