Loading services/mediaextractor/Android.mk +3 −2 Original line number Diff line number Diff line Loading @@ -5,19 +5,20 @@ include $(CLEAR_VARS) LOCAL_SRC_FILES := MediaExtractorService.cpp LOCAL_SHARED_LIBRARIES := libmedia libstagefright libbinder libutils liblog LOCAL_MODULE:= libmediaextractorservice LOCAL_32_BIT_ONLY := true include $(BUILD_SHARED_LIBRARY) # service executable include $(CLEAR_VARS) # seccomp filters are defined for the following architectures: LOCAL_REQUIRED_MODULES_arm := mediaextractor-seccomp.policy LOCAL_REQUIRED_MODULES_arm64 := mediaextractor-seccomp.policy LOCAL_REQUIRED_MODULES_x86 := mediaextractor-seccomp.policy # TODO add seccomp filter for x86_64. LOCAL_SRC_FILES := main_extractorservice.cpp minijail/minijail.cpp LOCAL_SHARED_LIBRARIES := libmedia libmediaextractorservice libbinder libutils liblog libicuuc libminijail LOCAL_STATIC_LIBRARIES := libicuandroid_utils LOCAL_MODULE:= mediaextractor LOCAL_32_BIT_ONLY := true LOCAL_INIT_RC := mediaextractor.rc LOCAL_C_INCLUDES := frameworks/av/media/libmedia include $(BUILD_EXECUTABLE) Loading services/mediaextractor/minijail/Android.mk +3 −9 Original line number Diff line number Diff line LOCAL_PATH := $(call my-dir) ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64 x86 x86_64)) # TODO add filter for x86_64 ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64 x86)) include $(CLEAR_VARS) LOCAL_MODULE := mediaextractor-seccomp.policy LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/seccomp_policy # mediaextractor runs in 32-bit combatibility mode. For 64 bit architectures, # use the 32 bit policy ifdef TARGET_2ND_ARCH LOCAL_SRC_FILES := $(LOCAL_PATH)/seccomp_policy/mediaextractor-seccomp-$(TARGET_2ND_ARCH).policy else LOCAL_SRC_FILES := $(LOCAL_PATH)/seccomp_policy/mediaextractor-seccomp-$(TARGET_ARCH).policy endif # allow device specific additions to the syscall whitelist ifneq (,$(wildcard $(BOARD_SECCOMP_POLICY)/mediaextractor-seccomp.policy)) Loading services/mediaextractor/minijail/seccomp_policy/mediaextractor-seccomp-arm64.policy 0 → 100644 +36 −0 Original line number Diff line number Diff line # Organized by frequency of systemcall - in descending order for # best performance. ioctl: 1 futex: 1 prctl: 1 write: 1 getpriority: 1 close: 1 dup: 1 mmap: 1 munmap: 1 openat: 1 mprotect: 1 madvise: 1 getuid: 1 fstat: 1 read: 1 setpriority: 1 sigaltstack: 1 clone: 1 lseek: 1 newfstatat: 1 faccessat: 1 restart_syscall: 1 exit: 1 exit_group: 1 rt_sigreturn: 1 getrlimit: 1 # for attaching to debuggerd on process crash rt_sigaction: 1 # socket: arg0 == AF_LOCAL socket: arg0 == 1 connect: 1 rt_tgsigqueueinfo: 1 writev: 1 Loading
services/mediaextractor/Android.mk +3 −2 Original line number Diff line number Diff line Loading @@ -5,19 +5,20 @@ include $(CLEAR_VARS) LOCAL_SRC_FILES := MediaExtractorService.cpp LOCAL_SHARED_LIBRARIES := libmedia libstagefright libbinder libutils liblog LOCAL_MODULE:= libmediaextractorservice LOCAL_32_BIT_ONLY := true include $(BUILD_SHARED_LIBRARY) # service executable include $(CLEAR_VARS) # seccomp filters are defined for the following architectures: LOCAL_REQUIRED_MODULES_arm := mediaextractor-seccomp.policy LOCAL_REQUIRED_MODULES_arm64 := mediaextractor-seccomp.policy LOCAL_REQUIRED_MODULES_x86 := mediaextractor-seccomp.policy # TODO add seccomp filter for x86_64. LOCAL_SRC_FILES := main_extractorservice.cpp minijail/minijail.cpp LOCAL_SHARED_LIBRARIES := libmedia libmediaextractorservice libbinder libutils liblog libicuuc libminijail LOCAL_STATIC_LIBRARIES := libicuandroid_utils LOCAL_MODULE:= mediaextractor LOCAL_32_BIT_ONLY := true LOCAL_INIT_RC := mediaextractor.rc LOCAL_C_INCLUDES := frameworks/av/media/libmedia include $(BUILD_EXECUTABLE) Loading
services/mediaextractor/minijail/Android.mk +3 −9 Original line number Diff line number Diff line LOCAL_PATH := $(call my-dir) ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64 x86 x86_64)) # TODO add filter for x86_64 ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64 x86)) include $(CLEAR_VARS) LOCAL_MODULE := mediaextractor-seccomp.policy LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/seccomp_policy # mediaextractor runs in 32-bit combatibility mode. For 64 bit architectures, # use the 32 bit policy ifdef TARGET_2ND_ARCH LOCAL_SRC_FILES := $(LOCAL_PATH)/seccomp_policy/mediaextractor-seccomp-$(TARGET_2ND_ARCH).policy else LOCAL_SRC_FILES := $(LOCAL_PATH)/seccomp_policy/mediaextractor-seccomp-$(TARGET_ARCH).policy endif # allow device specific additions to the syscall whitelist ifneq (,$(wildcard $(BOARD_SECCOMP_POLICY)/mediaextractor-seccomp.policy)) Loading
services/mediaextractor/minijail/seccomp_policy/mediaextractor-seccomp-arm64.policy 0 → 100644 +36 −0 Original line number Diff line number Diff line # Organized by frequency of systemcall - in descending order for # best performance. ioctl: 1 futex: 1 prctl: 1 write: 1 getpriority: 1 close: 1 dup: 1 mmap: 1 munmap: 1 openat: 1 mprotect: 1 madvise: 1 getuid: 1 fstat: 1 read: 1 setpriority: 1 sigaltstack: 1 clone: 1 lseek: 1 newfstatat: 1 faccessat: 1 restart_syscall: 1 exit: 1 exit_group: 1 rt_sigreturn: 1 getrlimit: 1 # for attaching to debuggerd on process crash rt_sigaction: 1 # socket: arg0 == AF_LOCAL socket: arg0 == 1 connect: 1 rt_tgsigqueueinfo: 1 writev: 1
