Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 47afc6b6 authored by Colin Cross's avatar Colin Cross
Browse files

Allow restart_syscall 

restart_syscall is used by the kernel whenever a syscall with a
timeout is interrupted.  Whitelist it in seccomp to prevent
processes being killed with SIGSYS when being ptraced.

Bug: 34586922
Test: hwui_unit_tests
Change-Id: Ic47dcad33f3082eb5673c3c67fe17200d4daaf74
parent 13c15e05

init/seccomp.cpp

+6 −0
Original line number Diff line number Diff line
@@ -170,6 +170,9 @@ bool set_seccomp_filter() { 
    // Needed for trusty

    AllowSyscall(f, __NR_syncfs);



    // Needed for kernel to restart syscalls

    AllowSyscall(f, __NR_restart_syscall);



     // arm64-only filter - autogenerated from bionic syscall usage

    for (size_t i = 0; i < arm64_filter_size; ++i)

        f.push_back(arm64_filter[i]);
@@ -201,6 +204,9 @@ bool set_seccomp_filter() { 
    // Syscalls needed to run GFXBenchmark

    AllowSyscall(f, 190); // __NR_vfork



    // Needed for kernel to restart syscalls

    AllowSyscall(f, 0);  // __NR_restart_syscall



    // arm32-on-arm64 only filter - autogenerated from bionic syscall usage

    for (size_t i = 0; i < arm_filter_size; ++i)

        f.push_back(arm_filter[i]);