Loading core/java/android/os/Seccomp.java +1 −2 Original line number Diff line number Diff line Loading @@ -20,6 +20,5 @@ package android.os; * @hide */ public final class Seccomp { public static native void setSystemServerPolicy(); public static native void setAppPolicy(); public static final native void setPolicy(); } core/java/com/android/internal/os/Zygote.java +0 −4 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ package com.android.internal.os; import android.os.Seccomp; import android.os.Trace; import dalvik.system.ZygoteHooks; import android.system.ErrnoException; Loading Loading @@ -156,9 +155,6 @@ public final class Zygote { */ public static int forkSystemServer(int uid, int gid, int[] gids, int runtimeFlags, int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) { // Set system server specific seccomp policy. Seccomp.setSystemServerPolicy(); VM_HOOKS.preFork(); // Resets nice priority for zygote process. resetNicePriority(); Loading core/java/com/android/internal/os/ZygoteConnection.java +0 −4 Original line number Diff line number Diff line Loading @@ -30,7 +30,6 @@ import android.net.Credentials; import android.net.LocalSocket; import android.os.FactoryTest; import android.os.Process; import android.os.Seccomp; import android.os.SystemProperties; import android.os.Trace; import android.system.ErrnoException; Loading Loading @@ -768,9 +767,6 @@ class ZygoteConnection { Process.setArgV0(parsedArgs.niceName); } // Set app specific seccomp policy. Seccomp.setAppPolicy(); // End of the postFork event. Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER); if (parsedArgs.invokeWith != null) { Loading core/java/com/android/internal/os/ZygoteInit.java +3 −0 Original line number Diff line number Diff line Loading @@ -782,6 +782,9 @@ public class ZygoteInit { // Zygote process unmounts root storage spaces. Zygote.nativeUnmountStorageOnInit(); // Set seccomp policy Seccomp.setPolicy(); ZygoteHooks.stopZygoteNoThreadCreation(); if (startSystemServer) { Loading core/jni/android_os_seccomp.cpp +3 −16 Original line number Diff line number Diff line Loading @@ -21,33 +21,20 @@ #include "seccomp_policy.h" static void Seccomp_setSystemServerPolicy(JNIEnv* /*env*/) { static void Seccomp_setPolicy(JNIEnv* /*env*/) { if (security_getenforce() == 0) { ALOGI("seccomp disabled by setenforce 0"); return; } if (!set_system_seccomp_filter()) { ALOGE("Failed to set seccomp policy - killing"); exit(1); } } static void Seccomp_setAppPolicy(JNIEnv* /*env*/) { if (security_getenforce() == 0) { ALOGI("seccomp disabled by setenforce 0"); return; } if (!set_app_seccomp_filter()) { if (!set_seccomp_filter()) { ALOGE("Failed to set seccomp policy - killing"); exit(1); } } static const JNINativeMethod method_table[] = { NATIVE_METHOD(Seccomp, setSystemServerPolicy, "()V"), NATIVE_METHOD(Seccomp, setAppPolicy, "()V"), NATIVE_METHOD(Seccomp, setPolicy, "()V"), }; namespace android { Loading Loading
core/java/android/os/Seccomp.java +1 −2 Original line number Diff line number Diff line Loading @@ -20,6 +20,5 @@ package android.os; * @hide */ public final class Seccomp { public static native void setSystemServerPolicy(); public static native void setAppPolicy(); public static final native void setPolicy(); }
core/java/com/android/internal/os/Zygote.java +0 −4 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ package com.android.internal.os; import android.os.Seccomp; import android.os.Trace; import dalvik.system.ZygoteHooks; import android.system.ErrnoException; Loading Loading @@ -156,9 +155,6 @@ public final class Zygote { */ public static int forkSystemServer(int uid, int gid, int[] gids, int runtimeFlags, int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) { // Set system server specific seccomp policy. Seccomp.setSystemServerPolicy(); VM_HOOKS.preFork(); // Resets nice priority for zygote process. resetNicePriority(); Loading
core/java/com/android/internal/os/ZygoteConnection.java +0 −4 Original line number Diff line number Diff line Loading @@ -30,7 +30,6 @@ import android.net.Credentials; import android.net.LocalSocket; import android.os.FactoryTest; import android.os.Process; import android.os.Seccomp; import android.os.SystemProperties; import android.os.Trace; import android.system.ErrnoException; Loading Loading @@ -768,9 +767,6 @@ class ZygoteConnection { Process.setArgV0(parsedArgs.niceName); } // Set app specific seccomp policy. Seccomp.setAppPolicy(); // End of the postFork event. Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER); if (parsedArgs.invokeWith != null) { Loading
core/java/com/android/internal/os/ZygoteInit.java +3 −0 Original line number Diff line number Diff line Loading @@ -782,6 +782,9 @@ public class ZygoteInit { // Zygote process unmounts root storage spaces. Zygote.nativeUnmountStorageOnInit(); // Set seccomp policy Seccomp.setPolicy(); ZygoteHooks.stopZygoteNoThreadCreation(); if (startSystemServer) { Loading
core/jni/android_os_seccomp.cpp +3 −16 Original line number Diff line number Diff line Loading @@ -21,33 +21,20 @@ #include "seccomp_policy.h" static void Seccomp_setSystemServerPolicy(JNIEnv* /*env*/) { static void Seccomp_setPolicy(JNIEnv* /*env*/) { if (security_getenforce() == 0) { ALOGI("seccomp disabled by setenforce 0"); return; } if (!set_system_seccomp_filter()) { ALOGE("Failed to set seccomp policy - killing"); exit(1); } } static void Seccomp_setAppPolicy(JNIEnv* /*env*/) { if (security_getenforce() == 0) { ALOGI("seccomp disabled by setenforce 0"); return; } if (!set_app_seccomp_filter()) { if (!set_seccomp_filter()) { ALOGE("Failed to set seccomp policy - killing"); exit(1); } } static const JNINativeMethod method_table[] = { NATIVE_METHOD(Seccomp, setSystemServerPolicy, "()V"), NATIVE_METHOD(Seccomp, setAppPolicy, "()V"), NATIVE_METHOD(Seccomp, setPolicy, "()V"), }; namespace android { Loading
