Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Connectivity / 5ae193ae36ec7621a5f7bcf387997c5081e9c239
commit5ae193ae36ec7621a5f7bcf387997c5081e9c239[log] [tgz]
authorMaciej Żenczykowski <maze@google.com>Fri Mar 14 12:44:50 2025 -0700
committerMaciej Żenczykowski <maze@google.com>Tue Mar 18 02:57:06 2025 -0700
tree510c9d7e217f81fbe99a7bf004468536325a1886
parent19199ca6887b83622031517f54cf9f55e9d09d25 [diff]
clatd: implement seccomp system call protection

but only enable it in enforcing mode on aarch64,
since that gets good test coverage via Pixel
on GoogleGuest ipv6-only wifi network
and (for example) T-Mobile US cellular.

For other architectures this will only result
in (automatically ratelimitted to at most 5/s)
audit logs for any 'unusual' system calls.

Test: TreeHugger, manually on Pixel on GoogleGuest wifi
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id14c6d9db8d7b4652c7358cac101a82ef09843e0
2 files changed
tree: 510c9d7e217f81fbe99a7bf004468536325a1886
  1. bpf/
  2. clatd/
  3. common/
  4. framework/
  5. framework-t/
  6. nearby/
  7. networksecurity/
  8. remoteauth/
  9. service/
  10. service-b/
  11. service-t/
  12. staticlibs/
  13. tests/
  14. Tethering/
  15. thread/
  16. tools/
  17. .gitignore
  18. OWNERS
  19. OWNERS_core_networking
  20. OWNERS_core_networking_xts
  21. PREUPLOAD.cfg
  22. TEST_MAPPING