Expand seccomp whitelist
Bug: 34813887 Bug: 34809883 Bug: 34767389 Bug: 34719286 Test: Device boots, the app in b/34719286 runs when it didn't before Change-Id: Iad198e3ca620e7a07464b0d182f969bb807bd948
This commit is contained in:
Paul Lawrence
parent
1cb8d9df6c
commit
ae3f906093
1 changed files with 8 additions and 0 deletions
|
|
@ -213,6 +213,14 @@ bool set_seccomp_filter() {
|
|||
// Needed for kernel to restart syscalls
|
||||
AllowSyscall(f, 0); // __NR_restart_syscall
|
||||
|
||||
// b/34813887
|
||||
AllowSyscall(f, 5); // __NR_open
|
||||
AllowSyscall(f, 141); // __NR_getdents
|
||||
AllowSyscall(f, 217); // __NR_getdents64
|
||||
|
||||
// b/34719286
|
||||
AllowSyscall(f, 351); // __NR_eventfd
|
||||
|
||||
// arm32-on-arm64 only filter - autogenerated from bionic syscall usage
|
||||
for (size_t i = 0; i < arm_filter_size; ++i)
|
||||
f.push_back(arm_filter[i]);
|
||||
|
|
|
|||
Loading…
Reference in a new issue