platform_bionic/libc
Martijn Coenen d269d9b9e9 Add support for seccomp filter that limits setresuid/setresgid.
Add a new function that installs a seccomp filter that checks
all setresuid/setresgid syscalls to fall within the passed in
uid/gid range. It allows all other syscalls through. Therefore,
this filter is meant to be used in addition to one of the
regular whitelist syscall filters. (If multiple seccomp filters
are installed in a process, all filters are run, and the most
restrictive result is used).

Since the regular app and app_zygote seccomp filters block all
other calls to change uid/gid (setuid, setgid, setgroups,
setreuid, setregid, setfsuid), combining these filters prevents
the process from using any other uid/gid than the one passed as
arguments to the new function.

Bug: 111434506
Test: atest CtsSeccompHostTestCases
Change-Id: If330efdafbedd8e7d38ca81896a4dbb0bc49f431
2019-01-19 09:09:30 +01:00
..
arch-arm Add ARM EABI function __aeabi_read_tp 2019-01-07 20:30:35 -08:00
arch-arm64 Remove denver64 from libc 2018-11-30 22:28:39 +00:00
arch-common/bionic Change crtbrand for host bionic 2018-10-22 17:15:22 -07:00
arch-mips
arch-mips64
arch-x86 Replace TLS_SLOT_BIONIC_PREINIT w/ shared globals 2018-12-04 13:51:56 -08:00
arch-x86_64 Make memcpy memmove 2018-06-11 18:12:45 +00:00
async_safe Add async_safe_format_fd_va_list 2018-10-08 13:27:16 -07:00
bionic Merge "Track movement of ICU .dat file" 2019-01-13 16:22:59 +00:00
dns Merge "Replace android_open_proxy with dns_open_proxy" 2018-11-28 12:21:33 +00:00
include Add Android Runtime APEX bin directory to Bionic default shell search path. 2018-12-06 17:03:47 +00:00
kernel Update kernel headers with new parser. 2019-01-10 17:33:56 -08:00
malloc_debug Fix/suppress bionic google-explicit-constructor warnings 2019-01-02 11:04:05 -08:00
malloc_hooks Fix malloc_hooks for hooks_write_malloc_leak_info. 2018-07-18 15:25:45 +01:00
private Reorganize static TLS memory for ELF TLS 2019-01-11 15:34:22 -08:00
seccomp Add support for seccomp filter that limits setresuid/setresgid. 2019-01-19 09:09:30 +01:00
stdio Make fclose/pclose distinct. 2018-10-01 16:17:37 -07:00
stdlib Add PR_SET_VMA and PR_SET_VMA_ANON_NAME to <sys/prctl.h>. 2018-08-22 10:36:23 -07:00
system_properties Clean up bionic_macros.h a bit. 2018-10-25 11:00:00 -07:00
tools genfunctosyscallnrs: maps bionic functions to syscall numbers. 2019-01-19 09:09:30 +01:00
tzcode Update the "host" bionic code tzdata lookup logic 2019-01-07 21:08:37 +00:00
upstream-freebsd Add reallocarray(3). 2018-09-26 14:24:18 -07:00
upstream-netbsd Remove unused NetBSD compatibility cruft. 2018-09-20 13:27:41 -07:00
upstream-openbsd Add reallocarray(3). 2018-09-26 14:24:18 -07:00
versioner-dependencies
Android.bp Add support for seccomp filter that limits setresuid/setresgid. 2019-01-19 09:09:30 +01:00
fs_config_generator.py
libc.map.txt Merge changes from topic "move_bionic_to_apex" 2019-01-11 16:59:15 +00:00
libstdc++.map.txt
MODULE_LICENSE_BSD
NOTICE Reorganize static TLS memory for ELF TLS 2019-01-11 15:34:22 -08:00
SECCOMP_BLACKLIST_APP.TXT Allow several syscalls to app process 2018-03-28 16:30:20 -07:00
SECCOMP_BLACKLIST_COMMON.TXT
SECCOMP_WHITELIST_APP.TXT Move pipe, open, and getdents from the APP to COMMON seccomp whitelist. 2018-09-11 19:20:34 -04:00
SECCOMP_WHITELIST_COMMON.TXT Move pipe, open, and getdents from the APP to COMMON seccomp whitelist. 2018-09-11 19:20:34 -04:00
SECCOMP_WHITELIST_GLOBAL.TXT
SECCOMP_WHITELIST_SYSTEM.TXT
SYSCALLS.TXT Add lp32 and lp64 shorthands to SYSCALLS.TXT. 2018-11-09 13:57:34 -08:00
version_script.txt