
Commit 82f153c1 authored by Melvin Xu (徐敏), committed by Gaurav Sarode

CTS-on-gsi test,...

CTS-on-gsi test, CtsSecurityHostTestCases--android.security.cts.ProcessMustUseSeccompTest#testMediaextractorHasSeccompFilter
--android.security.cts.ProcessMustUseSeccompTest#testOmxHalHasSeccompFilter
failed

[Android Version]:
Android8.1.0_r2

[CTS package version]
Suite / Plan	VTS / cts-on-gsi
Suite / Build	8.1_R3 / 4632653

[device](Any device config may relate this failure)
spreadtrum's iSharkL2
size:1080*1920

[bugzilla bugid] 79158930

[CTS Test Pre–Condition]
1.Language set to EN;
2.Keyguard set to none;
3.Enable GPS, Wifi network, USB debugging, Stay awake, Allow mock locations.
4.CTS version is VTS / cts-on-gsi 8.1_R3

[CTS Test Step]:
1 ./vts-tradefed
2 run cts-on-gsi

[Expected Result  ]:
This case will pass.

[Testing Result]:
case failed:
CtsSecurityHostTestCases
--android.security.cts.ProcessMustUseSeccompTest#testMediaextractorHasSeccompFilter
--android.security.cts.ProcessMustUseSeccompTest#testOmxHalHasSeccompFilter


[13. Analysis]:
junit.framework.AssertionFailedError: media.extractor must have a seccomp filter enabled. The "Seccomp" field of media.extractor's /proc/3292/status file should be set to "2"
at junit.framework.Assert.fail(Assert.java:57)
at junit.framework.Assert.assertTrue(Assert.java:22)

For the iSharkL2 device, TARGET_ARCH=x86_64, but in the following Android.mk there is no x86_64 option and no mediaextractor-x86_64.policy, so mediaextractor.policy will not be generated in $(TARGET_OUT)/etc/seccomp_policy.

Frameworks/av/services/mediaextractor/Android.mk:
# service seccomp filter
ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64 x86))
include $(CLEAR_VARS)
LOCAL_MODULE := mediaextractor.policy
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/seccomp_policy
LOCAL_SRC_FILES := seccomp_policy/mediaextractor-$(TARGET_ARCH).policy
include $(BUILD_PREBUILT)
endif

[Analysis]:
There is no mediaextractor-x86_64.policy file in frameworks/av/services/mediaextractor/seccomp_policy/, so we can't write this mediaextractor-x86_64.policy.

And mediaextractor-x86_64.policy is derived from mediaextractor-x86.policy, with the differences between mediaextractor-arm.policy and mediaextractor-arm64.policy added.

But there is a problem with the ordering of syscalls in mediaextractor-x86_64.policy; it may need a Google engineer to refine it.


[Conclusion]:
1. Add a new mediaextractor-x86_x64.policy
2. Modify the Android.mk file below in the frameworks/av/services/mediaextractor/ seccomp_policy
3. Because current Google AOSP doesn't consider the x86_64 arch for the mediaextractor policy, and the iSharkL2 device uses the x86_64 arch, we need to support it in the frameworks/av/services/mediaextractor/ seccomp_policy/. We will request a waiver for this.


[Patch Link]:
https://android-review.googlesource.com/c/platform/frameworks/av/+/676982

bug: 79158930
bug: 69073312
Test: Local build

Change-Id: Icd14cc62d6a2b8989ae3e2a1650af3749198522f
Merged-In: Icd14cc62d6a2b8989ae3e2a1650af3749198522f
(cherry picked from commit 9f60b569)
(cherry picked from commit 178aaae0f64a194bf4804554c45fd65aa41344b1)
parent 2c2fccd6
+1 −1
@@ -44,7 +44,7 @@ LOCAL_CFLAGS := -Wall -Werror
include $(BUILD_EXECUTABLE)

# service seccomp filter
ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64 x86))
ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64 x86 x86_64))
include $(CLEAR_VARS)
LOCAL_MODULE := mediaextractor.policy
LOCAL_MODULE_CLASS := ETC
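Review bot: The arch list in the `ifeq` is still a hand-maintained allowlist, so any TARGET_ARCH missing from it builds an image with no mediaextractor.policy installed and gives no build-time signal, which is how the x86_64 gap only surfaced in CTS. Consider adding an `else` branch that emits a `$(warning ...)` naming the arch, so the next unlisted architecture is caught during the build rather than by ProcessMustUseSeccompTest. Separately, the commit message lists testOmxHalHasSeccompFilter as failing, but the two files shown here only concern mediaextractor; the message should say where that second failure is addressed.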
+57 −0
# Organized by frequency of systemcall - in descending order for
# best performance.
ioctl: 1
futex: 1
prctl: 1
write: 1
getpriority: 1
close: 1
dup: 1
munmap: 1
mmap: 1
madvise: 1
openat: 1
clock_gettime: 1
writev: 1
brk: 1
mprotect: 1
read: 1
lseek: 1
clone: 1
getuid: 1
setpriority: 1
sigaltstack: 1
newfstatat: 1
restart_syscall: 1
exit: 1
exit_group: 1
rt_sigreturn: 1
faccessat: 1
sched_setscheduler: 1
getrlimit: 1
nanosleep: 1

# for FileSource
readlinkat: 1

# for attaching to debuggerd on process crash
tgkill: 1
socket: arg0 == 1
connect: 1
fcntl: 1
rt_sigprocmask: 1
rt_sigaction: 1
rt_tgsigqueueinfo: 1
geteuid: 1
getgid: 1
getegid: 1
getgroups: 1
getdents64: 1
pipe2: 1
ppoll: 1

# Required by AddressSanitizer
gettid: 1
sched_yield: 1
getpid: 1
gettid: 1
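Review bot: `gettid: 1` is listed twice in the "Required by AddressSanitizer" block at the end of the file (before `sched_yield` and again after `getpid`); drop the second entry so each syscall has exactly one rule. The header comment also states that the list is organized by syscall frequency in descending order, while the commit message says the file was assembled from the x86 policy plus the arm/arm64 differences and that the ordering still needs refinement. Either reorder the entries from a measured x86_64 run of mediaextractor or reword the comment so it does not claim an ordering that was not verified.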