Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c337e32b authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Make seccomp honor setenforce"

parents 6ac19c0d ffad2adf

core/jni/Android.mk

+2 −0
Original line number Diff line number Diff line
@@ -218,6 +218,8 @@ LOCAL_C_INCLUDES += \ 


LOCAL_STATIC_LIBRARIES := \

    libseccomp_policy \

    libselinux \

    libcrypto \



LOCAL_SHARED_LIBRARIES := \

    libmemtrack \

core/jni/android_os_seccomp.cpp

+7 −0
Original line number Diff line number Diff line
@@ -17,9 +17,16 @@ 
#include "core_jni_helpers.h"

#include "JniConstants.h"

#include "utils/Log.h"

#include <selinux/selinux.h>



#include "seccomp_policy.h"



static void Seccomp_setPolicy(JNIEnv* /*env*/) {

    if (security_getenforce() == 0) {

        ALOGI("seccomp disabled by setenforce 0");

        return;

    }



    if (!set_seccomp_filter()) {

        ALOGE("Failed to set seccomp policy - killing");

        exit(1);