Allow system processes to use vfork
java.lang.ProcessBuilder is internally using vfork in the current
configuration (see UNIXProcess_md.c in libcore).
Test: On an x86 Chromebook, trigger dropbox error event (1. settings
put global logcat_for_system_app_anr 50; 2. kill -19 `pidof
com.android.settings`; touch Settings). Saw seccomp error in
logcat but only without this fix.
Test: fyi, not reproducible on walleye (arm64)
Bug: 74441404
Change-Id: I1f40ae0fe0607c5834ecbe040ed31c4c0e42131d
diff --git a/libc/seccomp/arm_system_policy.cpp b/libc/seccomp/arm_system_policy.cpp
index feb111e..8887f4d 100644
--- a/libc/seccomp/arm_system_policy.cpp
+++ b/libc/seccomp/arm_system_policy.cpp
@@ -72,7 +72,7 @@
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 141, 64, 63), //setfsuid|setfsgid|_llseek
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 290, 31, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 217, 15, 0),
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 191, 7, 0),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 190, 7, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 172, 3, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 150, 1, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 149, 58, 57), //flock|msync|readv|writev|getsid|fdatasync
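Review bot: Lowering the bound to `190` widens the allowed range in the 32-bit ARM system filter from 191–194 to 190–194, but the tests in the commit message cover only an x86 device and an arm64 device, so nothing stated exercises this table. Once it has been run, I would add a line such as `Test: 32-bit ARM system process runs ProcessBuilder without a seccomp denial`, and confirm that syscall numbers just below the new bound are still rejected. The comment change in the next hunk (`//vfork|ugetrlimit|mmap2|truncate64|ftruncate64`) is consistent with the new range. The table looks machine-generated, so the edit should presumably come from regenerating it from the allowlist input rather than by hand; the array starts and ends outside both hunks.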
@@ -82,7 +82,7 @@
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 188, 54, 53), //getcwd|capget|capset|sigaltstack|sendfile
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 199, 3, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 197, 1, 0),
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 195, 51, 50), //ugetrlimit|mmap2|truncate64|ftruncate64
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 195, 51, 50), //vfork|ugetrlimit|mmap2|truncate64|ftruncate64
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 198, 50, 49), //fstat64
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 213, 1, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 212, 48, 47), //getuid32|getgid32|geteuid32|getegid32|setreuid32|setregid32|getgroups32|setgroups32|fchown32|setresuid32|getresuid32|setresgid32|getresgid32