Fix problem that we don't block syscalls below min value
The check that we are not below the lowest permitted syscall was
off by one, so we always allowed them, rather than always denying
them
Test: Check arm64 boots, chrome and maps work
mips and mips64 emulators boot
Note that arm, x86 and x86_64 already allow syscall 0 so there
will be no functional change there
Change-Id: I85873f1d04124e634e648bd47c027f280f1d6dbd
diff --git a/libc/seccomp/arm64_policy.cpp b/libc/seccomp/arm64_policy.cpp
index 0bf85a3..5eee365 100644
--- a/libc/seccomp/arm64_policy.cpp
+++ b/libc/seccomp/arm64_policy.cpp
@@ -5,7 +5,7 @@
#include "seccomp_bpfs.h"
const sock_filter arm64_filter[] = {
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 5, 0, 25),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 5, 0, 26),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 203, 13, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 101, 7, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 43, 3, 0),
diff --git a/libc/seccomp/arm_policy.cpp b/libc/seccomp/arm_policy.cpp
index 73fdda4..94b1545 100644
--- a/libc/seccomp/arm_policy.cpp
+++ b/libc/seccomp/arm_policy.cpp
@@ -5,7 +5,7 @@
#include "seccomp_bpfs.h"
const sock_filter arm_filter[] = {
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 0, 0, 123),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 0, 0, 124),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 143, 61, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 74, 31, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 41, 15, 0),
diff --git a/libc/seccomp/mips64_policy.cpp b/libc/seccomp/mips64_policy.cpp
index 9439922..92f175a 100644
--- a/libc/seccomp/mips64_policy.cpp
+++ b/libc/seccomp/mips64_policy.cpp
@@ -5,7 +5,7 @@
#include "seccomp_bpfs.h"
const sock_filter mips64_filter[] = {
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 5000, 0, 77),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 5000, 0, 78),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 5168, 39, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 5077, 19, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 5034, 9, 0),
diff --git a/libc/seccomp/mips_policy.cpp b/libc/seccomp/mips_policy.cpp
index 3ded9f7..279017e 100644
--- a/libc/seccomp/mips_policy.cpp
+++ b/libc/seccomp/mips_policy.cpp
@@ -5,7 +5,7 @@
#include "seccomp_bpfs.h"
const sock_filter mips_filter[] = {
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4001, 0, 107),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4001, 0, 108),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4131, 53, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4064, 27, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4036, 13, 0),
diff --git a/libc/seccomp/x86_64_policy.cpp b/libc/seccomp/x86_64_policy.cpp
index e1f0aa3..69756c6 100644
--- a/libc/seccomp/x86_64_policy.cpp
+++ b/libc/seccomp/x86_64_policy.cpp
@@ -5,7 +5,7 @@
#include "seccomp_bpfs.h"
const sock_filter x86_64_filter[] = {
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 0, 0, 79),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 0, 0, 80),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 157, 39, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 72, 19, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 32, 9, 0),
diff --git a/libc/seccomp/x86_policy.cpp b/libc/seccomp/x86_policy.cpp
index 77fe208..ca02aa6 100644
--- a/libc/seccomp/x86_policy.cpp
+++ b/libc/seccomp/x86_policy.cpp
@@ -5,7 +5,7 @@
#include "seccomp_bpfs.h"
const sock_filter x86_filter[] = {
-BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 0, 0, 109),
+BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 0, 0, 110),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 131, 55, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 64, 27, 0),
BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 36, 13, 0),