
Commit ebb2179a authored by Josh Gao's avatar Josh Gao

Use @include for crash_dump seccomp policies.

Instead of manually inlining and updating seccomp policies for crash
dumping in 5 different places, add a central one that's @included by
each user.

Bug: http://b/38508369
Test: debuggerd [-b] `pidof media.{codec,extractor}` on walleye
Change-Id: I1691cb2ab041fc326765e7304917bd2b2460c6a9
parent bbcbbe4f
+2 −1
@@ -27,6 +27,7 @@ _software_codecs := \
include $(CLEAR_VARS)
# seccomp is not required for coverage build.
ifneq ($(NATIVE_COVERAGE),true)
LOCAL_REQUIRED_MODULES := crash_dump.policy
LOCAL_REQUIRED_MODULES_arm := mediacodec.policy
LOCAL_REQUIRED_MODULES_x86 := mediacodec.policy
endif
@@ -53,7 +54,7 @@ LOCAL_32_BIT_ONLY := true
# Since this is 32-bit-only module, only 32-bit version of the codecs are installed.
# TODO(b/72343507): eliminate the need for manually adding .vendor suffix. This should be done
# by the build system.
LOCAL_REQUIRED_MODULES := \
LOCAL_REQUIRED_MODULES += \
$(foreach codec,$(_software_codecs),\
  $(eval _vendor_suffix := $(if $(BOARD_VNDK_VERSION),.vendor))\
  $(codec)$(_vendor_suffix)\
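Review bot: The new `LOCAL_REQUIRED_MODULES := crash_dump.policy` line in the first hunk has no comment explaining why a crash-dump policy is a dependency here, and the build system cannot see the link because it exists only as an `@include` of an absolute /system path inside the installed seccomp policy. I would add `# The installed seccomp policy @includes the shared crash_dump policy; it must ship with this module.` above it. The `+=` in the second hunk is what preserves that entry, so a later `:=` between the two would drop it without any build error, presumably leaving the service with a policy that fails to load. It is also worth confirming that the `crash_dump.policy` module installs under the arch-suffixed names the policies include (`crash_dump.arm.policy`, `crash_dump.x86.policy`); that definition is not part of this page. The mediaextractor makefile section follows the same `:=` then `+=` pattern.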
+1 −15
@@ -55,18 +55,4 @@ ugetrlimit: 1
getdents64: 1
getrandom: 1

# for attaching to debuggerd on process crash
sigaction: 1
tgkill: 1
socket: 1
connect: 1
fcntl64: 1
rt_tgsigqueueinfo: 1
geteuid32: 1
getgid32: 1
getegid32: 1
getgroups32: 1
recvmsg: 1
getpid: 1
gettid: 1
process_vm_readv: 1
@include /system/etc/seccomp_policy/crash_dump.arm.policy
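Review bot: The `@include` at the end of this hunk replaces the inlined list without keeping the `# for attaching to debuggerd on process crash` comment, so the policy no longer says why another file is pulled into the sandbox allowlist; I would keep that comment line directly above the `@include`. Part of this service's effective allowlist is now defined by a file that is not shown here, and the two arm lists being removed differ (this one has no `pipe2` or `ppoll`, the one in the last section does), so a shared list presumably grants at least one service calls it did not have before. Please confirm the shared policy is the minimal set needed for crash dumping, since every later addition to it widens all of these sandboxes at once. The same applies to the x86 policy section and the last policy section.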
+2 −15
@@ -47,23 +47,10 @@ set_tid_address: 1
write: 1
nanosleep: 1

# for attaching to debuggerd on process crash
socketcall: 1
sigaction: 1
tgkill: 1
rt_sigprocmask: 1
fcntl64: 1
rt_tgsigqueueinfo: 1
geteuid32: 1
getgid32: 1
getegid32: 1
getgroups32: 1
getdents64: 1
pipe2: 1
ppoll: 1

# Required by AddressSanitizer
gettid: 1
sched_yield: 1
getpid: 1
gettid: 1

@include /system/etc/seccomp_policy/crash_dump.x86.policy
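Review bot: The block removed here contains `rt_sigprocmask`, `getdents64`, `pipe2` and `ppoll`, which are general-purpose calls the service may make outside of crash handling, and the new side only keeps them if `crash_dump.x86.policy` or a line outside this hunk lists them. If one is missing, the process would be blocked or killed by the filter on a call it could previously make, which shows up at runtime rather than as a build error. I would check the included file against the removed list entry by entry and keep service-owned entries inline under their own comment, e.g. `rt_sigprocmask: 1`. The removed x86 list also has no `process_vm_readv`, `connect` or `recvmsg` (it goes through `socketcall`), so the include may add calls this sandbox did not allow before. The last policy section removes `getdents64`, `pipe2` and `ppoll` in the same way.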
+2 −1
@@ -15,12 +15,13 @@ include $(BUILD_SHARED_LIBRARY)
# service executable
include $(CLEAR_VARS)
# seccomp filters are defined for the following architectures:
LOCAL_REQUIRED_MODULES := crash_dump.policy
LOCAL_REQUIRED_MODULES_arm := mediaextractor.policy
LOCAL_REQUIRED_MODULES_arm64 := mediaextractor.policy
LOCAL_REQUIRED_MODULES_x86 := mediaextractor.policy

# extractor libraries
LOCAL_REQUIRED_MODULES := \
LOCAL_REQUIRED_MODULES += \
    libaacextractor \
    libamrextractor \
    libflacextractor \
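Review bot: The added `LOCAL_REQUIRED_MODULES := crash_dump.policy` sits directly under `# seccomp filters are defined for the following architectures:`, so the comment now reads as if it introduces an architecture-independent module. I would move the new line above that comment and give it its own, e.g. `# shared crash-dump seccomp policy, pulled in via @include`. Unlike the per-architecture `mediaextractor.policy` entries, it is required on every architecture, including any that get no service policy; that looks harmless but is worth a word in the comment.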
+1 −18
@@ -48,21 +48,4 @@ pread64: 1
readlinkat: 1
_llseek: 1

# for attaching to debuggerd on process crash
sigaction: 1
tgkill: 1
socket: 1
connect: 1
recvmsg: 1
fcntl64: 1
rt_tgsigqueueinfo: 1
geteuid32: 1
getgid32: 1
getegid32: 1
getgroups32: 1
getdents64: 1
pipe2: 1
ppoll: 1
getpid: 1
gettid: 1
process_vm_readv: 1
@include /system/etc/seccomp_policy/crash_dump.arm.policy