summaryrefslogtreecommitdiff
path: root/core/java
diff options
context:
space:
mode:
authorTreeHugger Robot <treehugger-gerrit@google.com>2018-01-10 02:31:08 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2018-01-10 02:31:08 +0000
commitdf449ee9c31e12d8c1960051de9c4aebcb8bb8c5 (patch)
tree3215dd1127b978132541707d5b39d7bd798e6fe3 /core/java
parent67d86e3990953cc6b5821111be79953e533ca34b (diff)
parent551e5af0d476724f192f896e651d078aea6bf61a (diff)
Merge "Revert "Move zygote's seccomp setup to post-fork""
Diffstat (limited to 'core/java')
-rw-r--r--core/java/android/os/Seccomp.java3
-rw-r--r--core/java/com/android/internal/os/Zygote.java4
-rw-r--r--core/java/com/android/internal/os/ZygoteConnection.java4
-rw-r--r--core/java/com/android/internal/os/ZygoteInit.java3
4 files changed, 4 insertions, 10 deletions
diff --git a/core/java/android/os/Seccomp.java b/core/java/android/os/Seccomp.java
index 335e44b65711..f14e93fe9403 100644
--- a/core/java/android/os/Seccomp.java
+++ b/core/java/android/os/Seccomp.java
@@ -20,6 +20,5 @@ package android.os;
* @hide
*/
public final class Seccomp {
- public static native void setSystemServerPolicy();
- public static native void setAppPolicy();
+ public static final native void setPolicy();
}
diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java
index 3ebe921234b6..cbc63cf813cb 100644
--- a/core/java/com/android/internal/os/Zygote.java
+++ b/core/java/com/android/internal/os/Zygote.java
@@ -17,7 +17,6 @@
package com.android.internal.os;
import android.os.IVold;
-import android.os.Seccomp;
import android.os.Trace;
import android.system.ErrnoException;
import android.system.Os;
@@ -154,9 +153,6 @@ public final class Zygote {
*/
public static int forkSystemServer(int uid, int gid, int[] gids, int runtimeFlags,
int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {
- // Set system server specific seccomp policy.
- Seccomp.setSystemServerPolicy();
-
VM_HOOKS.preFork();
// Resets nice priority for zygote process.
resetNicePriority();
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
index 24c4a8d8d438..6a87b1f4d3fd 100644
--- a/core/java/com/android/internal/os/ZygoteConnection.java
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
@@ -30,7 +30,6 @@ import android.net.Credentials;
import android.net.LocalSocket;
import android.os.FactoryTest;
import android.os.Process;
-import android.os.Seccomp;
import android.os.SystemProperties;
import android.os.Trace;
import android.system.ErrnoException;
@@ -768,9 +767,6 @@ class ZygoteConnection {
Process.setArgV0(parsedArgs.niceName);
}
- // Set app specific seccomp policy.
- Seccomp.setAppPolicy();
-
// End of the postFork event.
Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
if (parsedArgs.invokeWith != null) {
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
index c906db74f8a9..c5fe4cb0177b 100644
--- a/core/java/com/android/internal/os/ZygoteInit.java
+++ b/core/java/com/android/internal/os/ZygoteInit.java
@@ -782,6 +782,9 @@ public class ZygoteInit {
// Zygote process unmounts root storage spaces.
Zygote.nativeUnmountStorageOnInit();
+ // Set seccomp policy
+ Seccomp.setPolicy();
+
ZygoteHooks.stopZygoteNoThreadCreation();
if (startSystemServer) {
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-06 02:41:07 +0000