Loading services/mediacodec/Android.mk +5 −2 Original line number Diff line number Diff line Loading @@ -14,8 +14,10 @@ include $(BUILD_SHARED_LIBRARY) # service executable include $(CLEAR_VARS) LOCAL_SRC_FILES := main_codecservice.cpp LOCAL_SHARED_LIBRARIES := libmedia libmediacodecservice libbinder libutils liblog LOCAL_REQUIRED_MODULES_arm := mediacodec-seccomp.policy LOCAL_SRC_FILES := main_codecservice.cpp minijail/minijail.cpp LOCAL_SHARED_LIBRARIES := libmedia libmediacodecservice libbinder libutils \ liblog libminijail LOCAL_C_INCLUDES := \ $(TOP)/frameworks/av/media/libstagefright \ $(TOP)/frameworks/native/include/media/openmax Loading @@ -24,4 +26,5 @@ LOCAL_32_BIT_ONLY := true LOCAL_INIT_RC := mediacodec.rc include $(BUILD_EXECUTABLE) include $(call all-makefiles-under, $(LOCAL_PATH)) services/mediacodec/main_codecservice.cpp +3 −1 Original line number Diff line number Diff line /* ** ** Copyright 2015, The Android Open Source Project ** Copyright 2016, The Android Open Source Project ** ** Licensed under the Apache License, Version 2.0 (the "License"); ** you may not use this file except in compliance with the License. Loading Loading @@ -28,6 +28,7 @@ // from LOCAL_C_INCLUDES #include "MediaCodecService.h" #include "minijail/minijail.h" using namespace android; Loading @@ -35,6 +36,7 @@ int main(int argc __unused, char** argv) { ALOGI("@@@ mediacodecservice starting"); signal(SIGPIPE, SIG_IGN); MiniJail(); strcpy(argv[0], "media.codec"); sp<ProcessState> proc(ProcessState::self()); Loading services/mediacodec/minijail/Android.mk 0 → 100644 +28 −0 Original line number Diff line number Diff line LOCAL_PATH := $(call my-dir) ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64)) include $(CLEAR_VARS) LOCAL_MODULE := mediacodec-seccomp.policy LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/seccomp_policy # mediacodec runs in 32-bit combatibility mode. For 64 bit architectures, # use the 32 bit policy ifdef TARGET_2ND_ARCH LOCAL_SRC_FILES := $(LOCAL_PATH)/seccomp_policy/mediacodec-seccomp-$(TARGET_2ND_ARCH).policy else LOCAL_SRC_FILES := $(LOCAL_PATH)/seccomp_policy/mediacodec-seccomp-$(TARGET_ARCH).policy endif # allow device specific additions to the syscall whitelist ifneq (,$(wildcard $(BOARD_SECCOMP_POLICY)/mediacodec-seccomp.policy)) LOCAL_SRC_FILES += $(BOARD_SECCOMP_POLICY)/mediacodec-seccomp.policy endif include $(BUILD_SYSTEM)/base_rules.mk $(LOCAL_BUILT_MODULE): $(LOCAL_SRC_FILES) @mkdir -p $(dir $@) $(hide) cat > $@ $^ endif services/mediacodec/minijail/minijail.cpp 0 → 100644 +50 −0 Original line number Diff line number Diff line /* ** ** Copyright 2016, The Android Open Source Project ** ** Licensed under the Apache License, Version 2.0 (the "License"); ** you may not use this file except in compliance with the License. ** You may obtain a copy of the License at ** ** http://www.apache.org/licenses/LICENSE-2.0 ** ** Unless required by applicable law or agreed to in writing, software ** distributed under the License is distributed on an "AS IS" BASIS, ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ** See the License for the specific language governing permissions and ** limitations under the License. */ #include <cutils/log.h> #include <libminijail.h> #include "minijail.h" namespace android { /* Must match location in Android.mk */ static const char kSeccompFilePath[] = "/system/etc/seccomp_policy/mediacodec-seccomp.policy"; int MiniJail() { /* no seccomp policy for this architecture */ if (access(kSeccompFilePath, R_OK) == -1) { ALOGW("No seccomp filter defined for this architecture."); return 0; } struct minijail *jail = minijail_new(); if (jail == NULL) { ALOGW("Failed to create minijail."); return -1; } minijail_no_new_privs(jail); minijail_log_seccomp_filter_failures(jail); minijail_use_seccomp_filter(jail); minijail_parse_seccomp_filters(jail, kSeccompFilePath); minijail_enter(jail); minijail_destroy(jail); return 0; } } services/mediacodec/minijail/minijail.h 0 → 100644 +20 −0 Original line number Diff line number Diff line /* ** ** Copyright 2016, The Android Open Source Project ** ** Licensed under the Apache License, Version 2.0 (the "License"); ** you may not use this file except in compliance with the License. ** You may obtain a copy of the License at ** ** http://www.apache.org/licenses/LICENSE-2.0 ** ** Unless required by applicable law or agreed to in writing, software ** distributed under the License is distributed on an "AS IS" BASIS, ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ** See the License for the specific language governing permissions and ** limitations under the License. */ namespace android { int MiniJail(); } Loading
services/mediacodec/Android.mk +5 −2 Original line number Diff line number Diff line Loading @@ -14,8 +14,10 @@ include $(BUILD_SHARED_LIBRARY) # service executable include $(CLEAR_VARS) LOCAL_SRC_FILES := main_codecservice.cpp LOCAL_SHARED_LIBRARIES := libmedia libmediacodecservice libbinder libutils liblog LOCAL_REQUIRED_MODULES_arm := mediacodec-seccomp.policy LOCAL_SRC_FILES := main_codecservice.cpp minijail/minijail.cpp LOCAL_SHARED_LIBRARIES := libmedia libmediacodecservice libbinder libutils \ liblog libminijail LOCAL_C_INCLUDES := \ $(TOP)/frameworks/av/media/libstagefright \ $(TOP)/frameworks/native/include/media/openmax Loading @@ -24,4 +26,5 @@ LOCAL_32_BIT_ONLY := true LOCAL_INIT_RC := mediacodec.rc include $(BUILD_EXECUTABLE) include $(call all-makefiles-under, $(LOCAL_PATH))
services/mediacodec/main_codecservice.cpp +3 −1 Original line number Diff line number Diff line /* ** ** Copyright 2015, The Android Open Source Project ** Copyright 2016, The Android Open Source Project ** ** Licensed under the Apache License, Version 2.0 (the "License"); ** you may not use this file except in compliance with the License. Loading Loading @@ -28,6 +28,7 @@ // from LOCAL_C_INCLUDES #include "MediaCodecService.h" #include "minijail/minijail.h" using namespace android; Loading @@ -35,6 +36,7 @@ int main(int argc __unused, char** argv) { ALOGI("@@@ mediacodecservice starting"); signal(SIGPIPE, SIG_IGN); MiniJail(); strcpy(argv[0], "media.codec"); sp<ProcessState> proc(ProcessState::self()); Loading
services/mediacodec/minijail/Android.mk 0 → 100644 +28 −0 Original line number Diff line number Diff line LOCAL_PATH := $(call my-dir) ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64)) include $(CLEAR_VARS) LOCAL_MODULE := mediacodec-seccomp.policy LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/seccomp_policy # mediacodec runs in 32-bit combatibility mode. For 64 bit architectures, # use the 32 bit policy ifdef TARGET_2ND_ARCH LOCAL_SRC_FILES := $(LOCAL_PATH)/seccomp_policy/mediacodec-seccomp-$(TARGET_2ND_ARCH).policy else LOCAL_SRC_FILES := $(LOCAL_PATH)/seccomp_policy/mediacodec-seccomp-$(TARGET_ARCH).policy endif # allow device specific additions to the syscall whitelist ifneq (,$(wildcard $(BOARD_SECCOMP_POLICY)/mediacodec-seccomp.policy)) LOCAL_SRC_FILES += $(BOARD_SECCOMP_POLICY)/mediacodec-seccomp.policy endif include $(BUILD_SYSTEM)/base_rules.mk $(LOCAL_BUILT_MODULE): $(LOCAL_SRC_FILES) @mkdir -p $(dir $@) $(hide) cat > $@ $^ endif
services/mediacodec/minijail/minijail.cpp 0 → 100644 +50 −0 Original line number Diff line number Diff line /* ** ** Copyright 2016, The Android Open Source Project ** ** Licensed under the Apache License, Version 2.0 (the "License"); ** you may not use this file except in compliance with the License. ** You may obtain a copy of the License at ** ** http://www.apache.org/licenses/LICENSE-2.0 ** ** Unless required by applicable law or agreed to in writing, software ** distributed under the License is distributed on an "AS IS" BASIS, ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ** See the License for the specific language governing permissions and ** limitations under the License. */ #include <cutils/log.h> #include <libminijail.h> #include "minijail.h" namespace android { /* Must match location in Android.mk */ static const char kSeccompFilePath[] = "/system/etc/seccomp_policy/mediacodec-seccomp.policy"; int MiniJail() { /* no seccomp policy for this architecture */ if (access(kSeccompFilePath, R_OK) == -1) { ALOGW("No seccomp filter defined for this architecture."); return 0; } struct minijail *jail = minijail_new(); if (jail == NULL) { ALOGW("Failed to create minijail."); return -1; } minijail_no_new_privs(jail); minijail_log_seccomp_filter_failures(jail); minijail_use_seccomp_filter(jail); minijail_parse_seccomp_filters(jail, kSeccompFilePath); minijail_enter(jail); minijail_destroy(jail); return 0; } }
services/mediacodec/minijail/minijail.h 0 → 100644 +20 −0 Original line number Diff line number Diff line /* ** ** Copyright 2016, The Android Open Source Project ** ** Licensed under the Apache License, Version 2.0 (the "License"); ** you may not use this file except in compliance with the License. ** You may obtain a copy of the License at ** ** http://www.apache.org/licenses/LICENSE-2.0 ** ** Unless required by applicable law or agreed to in writing, software ** distributed under the License is distributed on an "AS IS" BASIS, ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ** See the License for the specific language governing permissions and ** limitations under the License. */ namespace android { int MiniJail(); }
