platform_bionic/libc/seccomp/seccomp_bpfs.h
Steve Muckle aa3f96c9c4 Create global seccomp policy.
Enabling seccomp across all processes, rather than just zygote, is
useful for auditing the syscall usage of AOSP. Create a global seccomp
policy that can optionally be enabled by init.

Bug: 37960259
Test: confirm global seccomp by removing finit_module from policy and
      observing modprobe fail, confirm regular seccomp unchanged by
      comparing length of installed bpf
Change-Id: Iac53a42fa26a80b05126f262dd9525f4f66df558
2017-07-21 20:30:21 -07:00


/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
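#ifndef SECCOMP_BPFS_H
#define SECCOMP_BPFS_H

/*
 * Declarations of the seccomp BPF filter programs, two per architecture.
 * This header only declares the symbols; the filter arrays and their sizes
 * are defined in other translation units.
 */

#include <stddef.h>
/*
 * struct sock_filter is defined by <linux/filter.h>, not <linux/seccomp.h>.
 * An array cannot be declared with an incomplete element type, so the
 * definition is pulled in here to keep this header self-contained instead of
 * depending on the includer's include order.
 */
#include <linux/filter.h>
#include <linux/seccomp.h>

/*
 * Naming scheme:
 *   <arch>_filter              the per-architecture filter without the
 *                              "global" qualifier (presumably the policy
 *                              installed for zygote; confirm with the caller)
 *   <arch>_global_filter       the global policy meant to cover all
 *                              processes when it is enabled
 *   <arch>[_global]_filter_size  size of the matching array
 *
 * NOTE(review): the *_size values are presumably instruction counts rather
 * than byte counts; verify against the definitions. The code that installs a
 * filter should check that the value fits struct sock_fprog's 16-bit len
 * field and the kernel's BPF_MAXINSNS limit, and should pair every array
 * with its own *_size so the kernel is never told to read past the end of
 * the program.
 *
 * NOTE(review): a filter must only be installed for the architecture it was
 * generated for, since syscall numbers differ between ABIs. Confirm how the
 * installer selects between the 32-bit and 64-bit variants.
 */

/* 32-bit ARM */
extern const struct sock_filter arm_filter[];
extern const size_t arm_filter_size;
extern const struct sock_filter arm_global_filter[];
extern const size_t arm_global_filter_size;

/* 64-bit ARM */
extern const struct sock_filter arm64_filter[];
extern const size_t arm64_filter_size;
extern const struct sock_filter arm64_global_filter[];
extern const size_t arm64_global_filter_size;

/* 32-bit x86 */
extern const struct sock_filter x86_filter[];
extern const size_t x86_filter_size;
extern const struct sock_filter x86_global_filter[];
extern const size_t x86_global_filter_size;

/* 64-bit x86 */
extern const struct sock_filter x86_64_filter[];
extern const size_t x86_64_filter_size;
extern const struct sock_filter x86_64_global_filter[];
extern const size_t x86_64_global_filter_size;

/* 32-bit MIPS */
extern const struct sock_filter mips_filter[];
extern const size_t mips_filter_size;
extern const struct sock_filter mips_global_filter[];
extern const size_t mips_global_filter_size;

/* 64-bit MIPS */
extern const struct sock_filter mips64_filter[];
extern const size_t mips64_filter_size;
extern const struct sock_filter mips64_global_filter[];
extern const size_t mips64_global_filter_size;

#endif /* SECCOMP_BPFS_H */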