Create APP_ZYGOTE seccomp policy. The APP_ZYGOTE seccomp policy is identical to the APP seccomp policy, with the exception of allowing setresgid(32), which the app zygote needs to be able to do (within a certain range). Bug: 111434506 Test: manual Change-Id: I34864837c981d201225e3e2e5501c0415a9a7dc8

commit: c3752be83771f00b24909689dde366f75dfa0c27 [log] [tgz]
author: Martijn Coenen <maco@google.com> Wed Jan 09 16:19:57 2019 +0100
committer: Martijn Coenen <maco@google.com> Sat Jan 19 09:09:30 2019 +0100
tree: 52d3a20fb72f74df39a46517f63463940cb6ef94
parent: 0c6de75a45cb3e8fb191cccb7c93d31def4c486f [diff]
diff --git a/libc/seccomp/include/seccomp_policy.h b/libc/seccomp/include/seccomp_policy.h
index 49280f4..bcbe285 100644
--- a/libc/seccomp/include/seccomp_policy.h
+++ b/libc/seccomp/include/seccomp_policy.h

@@ -20,5 +20,6 @@
 #include <linux/filter.h>
 
 bool set_app_seccomp_filter();
+bool set_app_zygote_seccomp_filter();
 bool set_system_seccomp_filter();
 bool set_global_seccomp_filter();
commit	c3752be83771f00b24909689dde366f75dfa0c27	[log] [tgz]
author	Martijn Coenen <maco@google.com>	Wed Jan 09 16:19:57 2019 +0100
committer	Martijn Coenen <maco@google.com>	Sat Jan 19 09:09:30 2019 +0100
tree	52d3a20fb72f74df39a46517f63463940cb6ef94
parent	0c6de75a45cb3e8fb191cccb7c93d31def4c486f [diff]