ed95043d64
Configstore HAL is accessible to third party apps and thus requires
a tight sandbox that reflects the limited system access this HAL
needs.
We use two primary mechanisms to sandbox configstore, selinux and
seccomp, with the goal of restricting its access to userspace and
the kernel. The addition of a seccomp filter is primarily aimed
at reducing the kernel's attack surface that is reachable by
configstore HAL.
Seccomp filters are architecture dependent, so filters need to be
added for each architecture. This change adds a seccomp filter for
arm64 and issues a non-fatal runtime warning for other architectures
which still require a seccomp filter.
Bug: 36453956
Test: boot Marlin and Angler. Verify that configstore is not aborting
due to seccomp violations.
Test: "cat proc/<configstore pid>/status | grep seccomp " returns:
seccomp: 2
Which indicates that configstore is using seccomp-bpf.
Change-Id: Iab014ff357b7329085a5e18a92f51838d2c72371
|
||
|---|---|---|
| .. | ||
| default | ||
| vts/functional | ||
| Android.bp | ||
| Android.mk | ||
| ISurfaceFlingerConfigs.hal | ||