authorVictor Hsieh <victorhsieh@google.com>2018-01-10 00:48:54 +0000
committerVictor Hsieh <victorhsieh@google.com>2018-01-10 00:48:54 +0000
commit551e5af0d476724f192f896e651d078aea6bf61a (patch)
tree5806d8108f59fcc14dd9bd81b2edbb4b95cdd4cf /core/java
parenta188dbc050b9fca41ed92928d68ed00c562de580 (diff)
Revert "Move zygote's seccomp setup to post-fork"
This reverts commit a188dbc050b9fca41ed92928d68ed00c562de580. Reason for revert: selinux denials, see b/71768585 Change-Id: Ic1b81e146b52b68445ba634de39657f199107da3
Diffstat (limited to 'core/java')
-rw-r--r--core/java/android/os/Seccomp.java3
-rw-r--r--core/java/com/android/internal/os/Zygote.java4
-rw-r--r--core/java/com/android/internal/os/ZygoteConnection.java4
-rw-r--r--core/java/com/android/internal/os/ZygoteInit.java3
4 files changed, 4 insertions, 10 deletions
diff --git a/core/java/android/os/Seccomp.java b/core/java/android/os/Seccomp.java
index 335e44b65711..f14e93fe9403 100644
--- a/core/java/android/os/Seccomp.java
+++ b/core/java/android/os/Seccomp.java
@@ -20,6 +20,5 @@ package android.os;
* @hide
*/
public final class Seccomp {
- public static native void setSystemServerPolicy();
- public static native void setAppPolicy();
+ public static final native void setPolicy();
}
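Review bot: The `final` modifier on `setPolicy()` is redundant, because the method is static and the class is already declared `final`; `public static native void setPolicy();` declares the same thing. The method also has no doc comment, and since it returns `void` a caller cannot tell whether the filter was actually installed. A short Javadoc should say which process the policy applies to and what happens when installation fails; that is presumably handled in the native implementation, which is not visible here. The class Javadoc starts outside the hunk.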
diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java
index 3ebe921234b6..cbc63cf813cb 100644
--- a/core/java/com/android/internal/os/Zygote.java
+++ b/core/java/com/android/internal/os/Zygote.java
@@ -17,7 +17,6 @@
package com.android.internal.os;
import android.os.IVold;
-import android.os.Seccomp;
import android.os.Trace;
import android.system.ErrnoException;
import android.system.Os;
@@ -154,9 +153,6 @@ public final class Zygote {
*/
public static int forkSystemServer(int uid, int gid, int[] gids, int runtimeFlags,
int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {
- // Set system server specific seccomp policy.
- Seccomp.setSystemServerPolicy();
-
VM_HOOKS.preFork();
// Resets nice priority for zygote process.
resetNicePriority();
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
index 24c4a8d8d438..6a87b1f4d3fd 100644
--- a/core/java/com/android/internal/os/ZygoteConnection.java
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
@@ -30,7 +30,6 @@ import android.net.Credentials;
import android.net.LocalSocket;
import android.os.FactoryTest;
import android.os.Process;
-import android.os.Seccomp;
import android.os.SystemProperties;
import android.os.Trace;
import android.system.ErrnoException;
@@ -768,9 +767,6 @@ class ZygoteConnection {
Process.setArgV0(parsedArgs.niceName);
}
- // Set app specific seccomp policy.
- Seccomp.setAppPolicy();
-
// End of the postFork event.
Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
if (parsedArgs.invokeWith != null) {
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
index 40168328c5bc..2be6212b9f1e 100644
--- a/core/java/com/android/internal/os/ZygoteInit.java
+++ b/core/java/com/android/internal/os/ZygoteInit.java
@@ -782,6 +782,9 @@ public class ZygoteInit {
// Zygote process unmounts root storage spaces.
Zygote.nativeUnmountStorageOnInit();
+ // Set seccomp policy
+ Seccomp.setPolicy();
+
ZygoteHooks.stopZygoteNoThreadCreation();
if (startSystemServer) {
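Review bot: The added comment `// Set seccomp policy` leaves out the property that matters at this call site: the filter is installed in the zygote itself, ahead of the `startSystemServer` branch. Presumably system_server and every app process forked afterwards inherit this one filter, since the separate `setSystemServerPolicy()` and `setAppPolicy()` calls are removed from Zygote.java and ZygoteConnection.java in this same commit. I would write it as `// Install the seccomp filter in the zygote before any fork; system_server and all` / `// app children inherit this single policy (no per-process policy after the revert).` It would also help to note why the call sits after `nativeUnmountStorageOnInit()` and before `stopZygoteNoThreadCreation()`, if that ordering is required. The enclosing method starts and ends outside the hunk.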