Commit 9200bf9b authored by Kazuhiro Inaba

Makes sure to set up the mediaextractor x86_64 seccomp policy.

Three fixes
(1) Sets LOCAL_REQUIRED_MODULES_x86_64.
  Otherwise the policy file won't be in the system image at all.

(2) Drops the executable bit (chmod a-x) of the policy file.

(3) Incorporates the changes done on x86.policy between O and P.
  The previous patch seems to be a cherry-pick from AOSP, which
  does not take the P changes into account. (Hence mediaextractor
  just crashes if the previous policy file is applied to P.)

Bug: 79158930
Bug: 69073312
Test: ProcessMustUseSeccompTest#testMediaextractorHasSeccompFilter
Test: CtsMediaTestCases runs without mediaextractor/minijail error
Change-Id: Iada4c75883de03b5a44a06df33de428c2ceef3d5
parent 7e19897b
+1 −0
@@ -18,6 +18,7 @@ include $(CLEAR_VARS)
LOCAL_REQUIRED_MODULES_arm := crash_dump.policy mediaextractor.policy
LOCAL_REQUIRED_MODULES_arm64 := crash_dump.policy mediaextractor.policy
LOCAL_REQUIRED_MODULES_x86 := crash_dump.policy mediaextractor.policy
LOCAL_REQUIRED_MODULES_x86_64 := crash_dump.policy mediaextractor.policy

# extractor libraries
LOCAL_REQUIRED_MODULES += \
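Review bot: the new LOCAL_REQUIRED_MODULES_x86_64 line repeats the same value (crash_dump.policy mediaextractor.policy) as the arm, arm64 and x86 lines above it, and a forgotten arch is exactly what this fix repairs. If both policy modules are defined for every supported arch, consider listing them once in the unsuffixed LOCAL_REQUIRED_MODULES += block that follows. Otherwise, add a comment above the four lines saying that each new arch needs its own entry, since per the commit message a missing one leaves the policy file out of the system image.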
+10 −16
@@ -21,6 +21,7 @@ clone: 1
getuid: 1
setpriority: 1
sigaltstack: 1
fstatfs: 1
newfstatat: 1
restart_syscall: 1
exit: 1
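Review bot: fstatfs: 1, which sits between the three context lines on either side in this hunk, is allowed for any arguments and has no comment saying which code path needs it. Entries lower in the file are grouped under "# for ..." comments; please add one here naming the caller, or point to the x86.policy change it mirrors, so a later audit of the allowlist can tell whether the entry is still required.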
@@ -30,28 +31,21 @@ faccessat: 1
sched_setscheduler: 1
getrlimit: 1
nanosleep: 1
getrandom: 1

# for FileSource
# for dynamically loading extractors
getdents64: 1
readlinkat: 1
pread64: 1
mremap: 1

# for attaching to debuggerd on process crash
tgkill: 1
socket: arg0 == 1
connect: 1
fcntl: 1
rt_sigprocmask: 1
rt_sigaction: 1
rt_tgsigqueueinfo: 1
geteuid: 1
getgid: 1
getegid: 1
getgroups: 1
getdents64: 1
pipe2: 1
ppoll: 1
# for FileSource
readlinkat: 1

# Required by AddressSanitizer
gettid: 1
sched_yield: 1
getpid: 1
gettid: 1

@include /system/etc/seccomp_policy/crash_dump.x86_64.policy
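Review bot: in the block under "# for attaching to debuggerd on process crash", connect: 1 is unrestricted while socket is limited to arg0 == 1, and the file ends with @include /system/etc/seccomp_policy/crash_dump.x86_64.policy, which serves the same purpose. Please confirm that the post-change file relies on the @include alone for the crash-dump syscalls rather than keeping a local copy that can drift from it. Separately, getdents64, readlinkat and gettid each appear twice in this hunk as rendered (the +/- markers are not visible here); the resulting policy should list each once, under a single "# for FileSource" or "# Required by AddressSanitizer" comment.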