4f02dd5755
To pave the way to reducing app's kernel attack surface, this change split the single filter into one for system and one for apps. Note that there is current no change between them. Zygote will apply these filters appropriately to system server and apps. Keep set_seccomp_filter() for now until the caller has switched to the new API, which I will do immediately after this before the two filters diverse. Also remove get_seccomp_filter() since it doesn't seem to be used anyway. Test: diff the generated code, no difference except the variable names Test: cts -m CtsSecurityTestCases -t android.security.cts.SeccompTest Bug: 63944145 Change-Id: Id8ba05a87332c92ec697926af77bc5742eb04b23
65 lines
2.4 KiB
C
65 lines
2.4 KiB
C
/*
|
|
* Copyright (C) 2017 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef SECCOMP_BPFS_H
|
|
#define SECCOMP_BPFS_H
|
|
|
|
#include <stddef.h>
|
|
#include <linux/seccomp.h>
|
|
|
|
extern const struct sock_filter arm_app_filter[];
|
|
extern const size_t arm_app_filter_size;
|
|
extern const struct sock_filter arm_system_filter[];
|
|
extern const size_t arm_system_filter_size;
|
|
extern const struct sock_filter arm_global_filter[];
|
|
extern const size_t arm_global_filter_size;
|
|
|
|
extern const struct sock_filter arm64_app_filter[];
|
|
extern const size_t arm64_app_filter_size;
|
|
extern const struct sock_filter arm64_system_filter[];
|
|
extern const size_t arm64_system_filter_size;
|
|
extern const struct sock_filter arm64_global_filter[];
|
|
extern const size_t arm64_global_filter_size;
|
|
|
|
extern const struct sock_filter x86_app_filter[];
|
|
extern const size_t x86_app_filter_size;
|
|
extern const struct sock_filter x86_system_filter[];
|
|
extern const size_t x86_system_filter_size;
|
|
extern const struct sock_filter x86_global_filter[];
|
|
extern const size_t x86_global_filter_size;
|
|
|
|
extern const struct sock_filter x86_64_app_filter[];
|
|
extern const size_t x86_64_app_filter_size;
|
|
extern const struct sock_filter x86_64_system_filter[];
|
|
extern const size_t x86_64_system_filter_size;
|
|
extern const struct sock_filter x86_64_global_filter[];
|
|
extern const size_t x86_64_global_filter_size;
|
|
|
|
extern const struct sock_filter mips_app_filter[];
|
|
extern const size_t mips_app_filter_size;
|
|
extern const struct sock_filter mips_system_filter[];
|
|
extern const size_t mips_system_filter_size;
|
|
extern const struct sock_filter mips_global_filter[];
|
|
extern const size_t mips_global_filter_size;
|
|
|
|
extern const struct sock_filter mips64_app_filter[];
|
|
extern const size_t mips64_app_filter_size;
|
|
extern const struct sock_filter mips64_system_filter[];
|
|
extern const size_t mips64_system_filter_size;
|
|
extern const struct sock_filter mips64_global_filter[];
|
|
extern const size_t mips64_global_filter_size;
|
|
|
|
#endif
|