Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 98fc01e7 authored by Steven Moreland's avatar Steven Moreland
Browse files

Make missing seccomp file fatal. 

If there is an issue where this is not loaded, we should know.

Bug: 146059841
Test: boot health check on devices
Change-Id: I3c50078b254e3caff5c824024909cb722dfb1aae
parent 967bfe95

services/minijail/minijail.cpp

+1 −7
Original line number Diff line number Diff line
@@ -64,13 +64,6 @@ void SetUpMinijail(const std::string& base_policy_path, 
void SetUpMinijailList(const std::string& base_policy_path,

                   const std::vector<std::string>& additional_policy_paths)

{

    // No seccomp policy defined for this architecture.

    if (access(base_policy_path.c_str(), R_OK) == -1) {

        // LOG(WARNING) << "No seccomp policy defined for this architecture.";

        LOG(WARNING) << "missing base seccomp_policy file '" << base_policy_path << "'";

        return;

    }



    std::string base_policy_content;

    std::vector<std::string> additional_policy_contents;

    if (!base::ReadFileToString(base_policy_path, &base_policy_content,
@@ -83,6 +76,7 @@ void SetUpMinijailList(const std::string& base_policy_path, 
        if (one_policy_path.length() > 0 &&

                !base::ReadFileToString(one_policy_path, &one_policy_content,

                    false /* follow_symlinks */)) {

            // TODO: harder failure (fatal unless ENOENT?)

            LOG(WARNING) << "Could not read additional policy file '" << one_policy_path << "'";

        }

        additional_policy_contents.push_back(one_policy_content);