Allow bpf() syscall

The implementation of FUSE BPF requires the FUSE daemon to access BPF
functionalities, i.e., to get the fd of a pinned BPF prog and to update
maps.

In Android the FUSE daemon is part of MediaProvider which, belonging to
the apps domain, can only access the subset of syscalls allowed by
seccomp, of which bpf() is currently blocked.

This patch removes this limitation by adding the bpf() syscall to the
allowed seccomp syscalls.

Allowing the bpf() syscall is safe as its usage is still gated by
selinux and regular apps are not allowed to use it.

Bug: 202785178
Test: m
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I5887e8d22906c386307e54d3131c679fee0d9f26

diff --git a/libc/SYSCALLS.TXT b/libc/SYSCALLS.TXT
index 22b82f1..a09c614 100644
--- a/libc/SYSCALLS.TXT
+++ b/libc/SYSCALLS.TXT
@@ -306,6 +306,8 @@
int sysinfo(struct sysinfo*) all
int personality(unsigned long) all
+int bpf(int, union bpf_attr *, unsigned int) all
+
ssize_t tee(int, int, size_t, unsigned int) all
ssize_t splice(int, off64_t*, int, off64_t*, size_t, unsigned int) all
ssize_t vmsplice(int, const struct iovec*, size_t, unsigned int) all
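
Review bot: The added `int bpf(int, union bpf_attr *, unsigned int) all` line enables the syscall for every architecture with no comment recording why that is acceptable. The commit message rests the safety argument entirely on SELinux, and `Test: m` only shows that the tree builds. Please add a comment above the entry stating that regular apps are expected to be denied by SELinux policy, and include a test result showing that a bpf() call from a regular app is denied while the FUSE daemon's calls succeed. Style nit: the neighbouring entries write pointer types without a space (`struct sysinfo*`, `off64_t*`, `const struct iovec*`), so `union bpf_attr*` would match the file.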