
Commit cb619f16 authored by Elliott Hughes Committed by android-build-merger

Merge "Remove the global seccomp option." am: f3a5ab8b am: 3c5216e8

am: d2c6bb85

Change-Id: Ib5cddc2aeaea739ebb12246db86c96d7ae016dc3
parents 2d294cae d2c6bb85
+0 −1
@@ -62,7 +62,6 @@ cc_defaults {
        },
    },
    static_libs: [
        "libseccomp_policy",
        "libavb",
        "libc++fs",
        "libcgrouprc_format",
+0 −1
@@ -92,7 +92,6 @@ LOCAL_STATIC_LIBRARIES := \
    liblogwrap \
    libext4_utils \
    libfscrypt \
    libseccomp_policy \
    libcrypto_utils \
    libsparse \
    libavb \
+0 −13
@@ -19,7 +19,6 @@
#include <dirent.h>
#include <fcntl.h>
#include <pthread.h>
#include <seccomp_policy.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
@@ -581,15 +580,6 @@ void HandleKeychord(const std::vector<int>& keycodes) {
    }
}

static void GlobalSeccomp() {
    import_kernel_cmdline(false, [](const std::string& key, const std::string& value,
                                    bool in_qemu) {
        if (key == "androidboot.seccomp" && value == "global" && !set_global_seccomp_filter()) {
            LOG(FATAL) << "Failed to globally enable seccomp!";
        }
    });
}

static void UmountDebugRamdisk() {
    if (umount("/debug_ramdisk") != 0) {
        LOG(ERROR) << "Failed to umount /debug_ramdisk";
@@ -691,9 +681,6 @@ int SecondStageMain(int argc, char** argv) {
        LOG(ERROR) << "Unable to write -1000 to /proc/1/oom_score_adj: " << result.error();
    }

    // Enable seccomp if global boot option was passed (otherwise it is enabled in zygote).
    GlobalSeccomp();

    // Set up a session keyring that all processes will have access to. It
    // will hold things like FBE encryption keys. No process should override
    // its session keyring.