Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dec68869 authored by Victor Hsieh's avatar Victor Hsieh Committed by android-build-merger
Browse files

Merge "Reland: Move zygote's seccomp setup to post-fork" am: 7839672e 

am: 42494665

Change-Id: Idbf4d7add5e41d2d01f4a3c2ff6e8f1b1735faeb
parents 2746e9ab 42494665

core/java/android/os/Seccomp.java

deleted100644 → 0
+0 −24
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2017 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.os;



/**

 * @hide

 */

public final class Seccomp {

    public static final native void setPolicy();

}

core/java/com/android/internal/os/Zygote.java

+3 −0
Original line number Diff line number Diff line
@@ -69,6 +69,9 @@ public final class Zygote { 


    private Zygote() {}



    /** Called for some security initialization before any fork. */

    native static void nativeSecurityInit();



    /**

     * Forks a new VM instance.  The current VM must have been started

     * with the -Xzygote flag. <b>NOTE: new instance keeps all

core/java/com/android/internal/os/ZygoteInit.java

+2 −4
Original line number Diff line number Diff line
@@ -30,7 +30,6 @@ import android.os.IInstalld; 
import android.os.Environment;

import android.os.Process;

import android.os.RemoteException;

import android.os.Seccomp;

import android.os.ServiceManager;

import android.os.ServiceSpecificException;

import android.os.SystemClock;
@@ -781,12 +780,11 @@ public class ZygoteInit { 
            // Zygote.

            Trace.setTracingEnabled(false, 0);



            Zygote.nativeSecurityInit();



            // Zygote process unmounts root storage spaces.

            Zygote.nativeUnmountStorageOnInit();



            // Set seccomp policy

            Seccomp.setPolicy();



            ZygoteHooks.stopZygoteNoThreadCreation();



            if (startSystemServer) {

core/jni/Android.bp

+0 −1
Original line number Diff line number Diff line
@@ -86,7 +86,6 @@ cc_library_shared { 
        "android_os_MessageQueue.cpp",

        "android_os_Parcel.cpp",

        "android_os_SELinux.cpp",

        "android_os_seccomp.cpp",

        "android_os_SharedMemory.cpp",

        "android_os_SystemClock.cpp",

        "android_os_SystemProperties.cpp",

core/jni/AndroidRuntime.cpp

+0 −2
Original line number Diff line number Diff line
@@ -163,7 +163,6 @@ extern int register_android_os_Parcel(JNIEnv* env); 
extern int register_android_os_SELinux(JNIEnv* env);

extern int register_android_os_VintfObject(JNIEnv *env);

extern int register_android_os_VintfRuntimeInfo(JNIEnv *env);

extern int register_android_os_seccomp(JNIEnv* env);

extern int register_android_os_SystemProperties(JNIEnv *env);

extern int register_android_os_SystemClock(JNIEnv* env);

extern int register_android_os_Trace(JNIEnv* env);
@@ -1420,7 +1419,6 @@ static const RegJNIRec gRegJNI[] = { 
    REG_JNI(register_android_os_GraphicsEnvironment),

    REG_JNI(register_android_os_MessageQueue),

    REG_JNI(register_android_os_SELinux),

    REG_JNI(register_android_os_seccomp),

    REG_JNI(register_android_os_Trace),

    REG_JNI(register_android_os_UEventObserver),

    REG_JNI(register_android_net_LocalSocketImpl),