platform_hardware_interfaces/minijail
Jeff Vander Stoep ed95043d64 configstore: sandbox with seccomp filter
Configstore HAL is accessible to third party apps and thus requires
a tight sandbox that reflects the limited system access this HAL
needs.

We use two primary mechanisms to sandbox configstore, selinux and
seccomp, with the goal of restricting its access to userspace and
the kernel. The addition of a seccomp filter is primarily aimed
at reducing the kernel's attack surface that is reachable by
configstore HAL.

Seccomp filters are architecture dependent, so filters need to be
added for each architecture. This change adds a seccomp filter for
arm64 and issues a non-fatal runtime warning for other architectures
which still require a seccomp filter.

Bug: 36453956
Test: boot Marlin and Angler. Verify that configstore is not aborting
    due to seccomp violations.
Test: "cat proc/<configstore pid>/status | grep seccomp " returns:
    seccomp: 2
    Which indicates that configstore is using seccomp-bpf.

Change-Id: Iab014ff357b7329085a5e18a92f51838d2c72371
2017-07-12 12:58:01 -07:00
..
include/hwminijail configstore: sandbox with seccomp filter 2017-07-12 12:58:01 -07:00
Android.mk configstore: sandbox with seccomp filter 2017-07-12 12:58:01 -07:00
HardwareMinijail.cpp configstore: sandbox with seccomp filter 2017-07-12 12:58:01 -07:00