Loading core/jni/android_os_seccomp.cpp +10 −6 Original line number Diff line number Diff line Loading @@ -122,6 +122,10 @@ bool set_seccomp_filter() { // 64-bit filter ExamineSyscall(f); // arm64-only filter - autogenerated from bionic syscall usage for (size_t i = 0; i < arm64_filter_size; ++i) f.push_back(arm64_filter[i]); // Syscalls needed to boot Android AllowSyscall(f, 41); // __NR_pivot_root AllowSyscall(f, 31); // __NR_ioprio_get Loading @@ -143,9 +147,7 @@ bool set_seccomp_filter() { // Needed for kernel to restart syscalls AllowSyscall(f, 128); // __NR_restart_syscall // arm64-only filter - autogenerated from bionic syscall usage for (size_t i = 0; i < arm64_filter_size; ++i) f.push_back(arm64_filter[i]); Trap(f); if (SetValidateArchitectureJumpTarget(offset_to_32bit_filter, f) != 0) return -1; Loading @@ -153,6 +155,10 @@ bool set_seccomp_filter() { // 32-bit filter ExamineSyscall(f); // arm32 filter - autogenerated from bionic syscall usage for (size_t i = 0; i < arm_filter_size; ++i) f.push_back(arm_filter[i]); // Syscalls needed to boot android AllowSyscall(f, 120); // __NR_clone AllowSyscall(f, 240); // __NR_futex Loading Loading @@ -200,9 +206,7 @@ bool set_seccomp_filter() { // already allowed. AllowSyscall(f, 85); // __NR_readlink // arm32 filter - autogenerated from bionic syscall usage for (size_t i = 0; i < arm_filter_size; ++i) f.push_back(arm_filter[i]); Trap(f); return install_filter(f); } Loading Loading
core/jni/android_os_seccomp.cpp +10 −6 Original line number Diff line number Diff line Loading @@ -122,6 +122,10 @@ bool set_seccomp_filter() { // 64-bit filter ExamineSyscall(f); // arm64-only filter - autogenerated from bionic syscall usage for (size_t i = 0; i < arm64_filter_size; ++i) f.push_back(arm64_filter[i]); // Syscalls needed to boot Android AllowSyscall(f, 41); // __NR_pivot_root AllowSyscall(f, 31); // __NR_ioprio_get Loading @@ -143,9 +147,7 @@ bool set_seccomp_filter() { // Needed for kernel to restart syscalls AllowSyscall(f, 128); // __NR_restart_syscall // arm64-only filter - autogenerated from bionic syscall usage for (size_t i = 0; i < arm64_filter_size; ++i) f.push_back(arm64_filter[i]); Trap(f); if (SetValidateArchitectureJumpTarget(offset_to_32bit_filter, f) != 0) return -1; Loading @@ -153,6 +155,10 @@ bool set_seccomp_filter() { // 32-bit filter ExamineSyscall(f); // arm32 filter - autogenerated from bionic syscall usage for (size_t i = 0; i < arm_filter_size; ++i) f.push_back(arm_filter[i]); // Syscalls needed to boot android AllowSyscall(f, 120); // __NR_clone AllowSyscall(f, 240); // __NR_futex Loading Loading @@ -200,9 +206,7 @@ bool set_seccomp_filter() { // already allowed. AllowSyscall(f, 85); // __NR_readlink // arm32 filter - autogenerated from bionic syscall usage for (size_t i = 0; i < arm_filter_size; ++i) f.push_back(arm_filter[i]); Trap(f); return install_filter(f); } Loading
