Whitelist mremap for the mediacodec seccomp filter.
This CL whitelists the mremap() syscall for the seccomp filter for
mediacodec. We need to do this for CFI, which uses mremap
internally.
Bug: 30227045
Test: m -j40 and the device boots and works.
Change-Id: I3b95798b4c8653bd95fb1b3d54060d4a12adc5bd
diff --git a/services/mediacodec/minijail/seccomp_policy/mediacodec-seccomp-arm.policy b/services/mediacodec/minijail/seccomp_policy/mediacodec-seccomp-arm.policy
index 0afaa15..9a0894d 100644
--- a/services/mediacodec/minijail/seccomp_policy/mediacodec-seccomp-arm.policy
+++ b/services/mediacodec/minijail/seccomp_policy/mediacodec-seccomp-arm.policy
@@ -12,6 +12,14 @@
dup: 1
ppoll: 1
mmap2: 1
+
+# mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
+# parser support for '<' is in this needs to be modified to also prevent
+# |old_address| and |new_address| from touching the exception vector page, which
+# on ARM is statically loaded at 0xffff 0000. See
+# http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html
+# for more details.
+mremap: arg3 == 3
munmap: 1
mprotect: 1
madvise: 1