ed95043d64
Configstore HAL is accessible to third party apps and thus requires a tight sandbox that reflects the limited system access this HAL needs. We use two primary mechanisms to sandbox configstore, selinux and seccomp, with the goal of restricting its access to userspace and the kernel. The addition of a seccomp filter is primarily aimed at reducing the kernel's attack surface that is reachable by configstore HAL. Seccomp filters are architecture dependent, so filters need to be added for each architecture. This change adds a seccomp filter for arm64 and issues a non-fatal runtime warning for other architectures which still require a seccomp filter. Bug: 36453956 Test: boot Marlin and Angler. Verify that configstore is not aborting due to seccomp violations. Test: "cat proc/<configstore pid>/status | grep seccomp " returns: seccomp: 2 Which indicates that configstore is using seccomp-bpf. Change-Id: Iab014ff357b7329085a5e18a92f51838d2c72371 |
||
---|---|---|
.. | ||
include/hwminijail | ||
Android.mk | ||
HardwareMinijail.cpp |