summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHemant Sharma <hemantbeast@gmail.com>2018-01-08 15:45:11 +0530
committerHemant Sharma <hemantbeast@gmail.com>2018-01-14 15:59:14 +0000
commit75d62180e48b814be07996272c67213bcb9f1f9a (patch)
tree47d810d14d4a0e2c8591c35b19fe511f247c3052
parentf4e10cd66936c77e36d69cae7d01141f8ed824e7 (diff)
armani: Add seccomp policy
Change-Id: I1782f78693940f0501193ee473f58845b4d30cc9
Diffstat
-rw-r--r--device.mk5
-rw-r--r--seccomp/mediacodec.policy7
-rw-r--r--seccomp/mediaextractor.policy4
3 files changed, 16 insertions, 0 deletions
diff --git a/device.mk b/device.mk
index 9d42b0e..d2fa85d 100644
--- a/device.mk
+++ b/device.mk
@@ -205,6 +205,11 @@ PRODUCT_COPY_FILES += \
$(LOCAL_PATH)/rootdir/init.armani.usb.rc:root/init.armani.usb.rc \
$(LOCAL_PATH)/rootdir/ueventd.armani.rc:root/ueventd.armani.rc
+# Seccomp
+PRODUCT_COPY_FILES += \
+ $(LOCAL_PATH)/seccomp/mediacodec.policy:system/vendor/etc/seccomp_policy/mediacodec.policy \
+ $(LOCAL_PATH)/seccomp/mediaextractor.policy:system/vendor/etc/seccomp_policy/mediaextractor.policy
+
# Sensors
PRODUCT_COPY_FILES += \
$(LOCAL_PATH)/configs/sensors/_hals.conf:system/vendor/etc/sensors/_hals.conf \
diff --git a/seccomp/mediacodec.policy b/seccomp/mediacodec.policy
new file mode 100644
index 0000000..ec62654
--- /dev/null
+++ b/seccomp/mediacodec.policy
@@ -0,0 +1,7 @@
+# device specific syscalls
+# extension of services/mediacodec/seccomp_policy/mediacodec-arm.policy
+pselect6: 1
+eventfd2: 1
+sendto: 1
+recvfrom: 1
+_llseek: 1 \ No newline at end of file
diff --git a/seccomp/mediaextractor.policy b/seccomp/mediaextractor.policy
new file mode 100644
index 0000000..b97f1f2
--- /dev/null
+++ b/seccomp/mediaextractor.policy
@@ -0,0 +1,4 @@
+# device specific syscalls.
+# extension of services/mediaextractor/seccomp_policy/mediaextractor-arm.policy
+readlinkat: 1
+pread64: 1 \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 00:54:29 +0000