path: root/libc/seccomp/mips_system_policy.cpp
Commit message | Author | Age | Files | Lines
* seccomp: Generate the policy files at compile time | Luis Hector Chavez | 2018-08-06 | 1 | -127/+0

  This change avoids having to run the genseccomp.py script every time a policy file is edited, and instead generates these files at compile-time.

  Bug: None
  Test: m
  Test: find out/soong/ -name x86_64_global_policy.cpp # Shows files
  Test: generated policies are equivalent to original policies
  Change-Id: I12461fe0c5fb02c008c1b2503fbb994b8aa2f56b
* Revert "Revert system seccomp filter changes" | Victor Hsieh | 2018-03-30 | 1 | -82/+90

  This reverts commit 040c28a0233a63278331797aad5a100303e80928.

  Reason for revert: reland since the actual problem has been fixed

  Change-Id: Ifd8a85b0de2eb6f2a76a6458570fc03b020a90ab
  Test: the apps in the bug no longer crash.
  Bug: 76461821
* Revert system seccomp filter changes | Victor Hsieh | 2018-03-27 | 1 | -90/+82

  521b41 "Allow system processes to use vfork"
  ed74ab "Move some syscalls in common whitelist to app"

  An implementation bug actually assigns the system seccomp filter to all processes after zygote forks.

  Test: the apps in the bug no longer crash.
  Bug: 76461821
* Move some syscalls in common whitelist to app | Victor Hsieh | 2018-03-01 | 1 | -82/+90

  Test: system boots and basically runs
  Bug: 63944145
  Change-Id: I5cb080d13fb98a2106201037f3817f027912a8aa
* Add bpf syscall to seccomp whitelist | Chenbo Feng | 2018-01-18 | 1 | -85/+83

  The netd service and system server will use bpf syscalls to get network stats information when kernel supported. And the syscall from system server will need seccomp permission to run it.

  Test: -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
  Bug: 30950746
  Change-Id: I01c46f243dca0933a44cbfd3148f9e4748f9bc99
* Split zygote's seccomp filter into two | Victor Hsieh | 2018-01-04 | 1 | -0/+121

  To pave the way to reducing app's kernel attack surface, this change splits the single filter into one for system and one for apps. Note that there is currently no change between them.

  Zygote will apply these filters appropriately to system server and apps.

  Keep set_seccomp_filter() for now until the caller has switched to the new API, which I will do immediately after this before the two filters diverge.

  Also remove get_seccomp_filter() since it doesn't seem to be used anyway.

  Test: diff the generated code, no difference except the variable names
  Test: cts -m CtsSecurityTestCases -t android.security.cts.SeccompTest
  Bug: 63944145
  Change-Id: Id8ba05a87332c92ec697926af77bc5742eb04b23