Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 03253b48 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

configstore: sandbox with seccomp filter 

Configstore HAL is accessible to third party apps and thus requires
a tight sandbox that reflects the limited system access this HAL
needs.

We use two primary mechanisms to sandbox configstore, selinux and
seccomp, with the goal of restricting its access to userspace and
the kernel. The addition of a seccomp filter is primarily aimed
at reducing the kernel's attack surface that is reachable by
configstore HAL.

Seccomp filters are architecture dependent, so filters need to be
added for each architecture. This change adds a seccomp filter for
arm64 and issues a non-fatal runtime warning for other architectures
which still require a seccomp filter.

Bug: 36453956
Test: boot Marlin and Angler. Verify that configstore is not aborting
    due to seccomp violations.
Test: "cat proc/<configstore pid>/status | grep seccomp " returns:
    seccomp: 2
    Which indicates that configstore is using seccomp-bpf.

Change-Id: Iab014ff357b7329085a5e18a92f51838d2c72371
(cherry picked from commit ed95043d)
parent 43b3865a
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment