Enable seccomp in init with generated policy Test: Ran script to test performance - https://b.corp.google.com/issues/32313202#comment3 Saw no significant regression with this change on or off Removed chroot from SYSCALLS.TXT - chroot blocked Boot time appears reasonable Device boots with no SECCOMP blockings Measured per syscall time of 100ns Empirically counted <100,000 syscalls a second under heavy load Bug: 32313202 Change-Id: Icfcfbcb72b2de1b38f1ad6a82e8ece3bd1c9e7ec

commit: db929bf9b740b3b7c02cf0acc07fee94406f3b3f [log] [tgz]
author: Paul Lawrence <paullawrence@google.com> Fri Oct 21 13:13:02 2016 -0700
committer: Paul Lawrence <paullawrence@google.com> Tue Jan 10 10:09:38 2017 -0800
tree: 734e7e55da8c5aa667fd113c492fbcb8608f4793
parent: d5583867c61867252d4a8d794704f9c2d40bbca8 [diff] [blame]
diff --git a/init/Android.mk b/init/Android.mk
index 111fe89..2122880 100644
--- a/init/Android.mk
+++ b/init/Android.mk

@@ -70,6 +70,7 @@
     init.cpp \
     keychords.cpp \
     property_service.cpp \
+    seccomp.cpp \
     signal_handler.cpp \
     ueventd.cpp \
     ueventd_parser.cpp \
@@ -96,6 +97,7 @@
     libbase \
     libc \
     libselinux \
+    libseccomp_policy \
     liblog \
     libcrypto_utils \
     libcrypto \
commit	db929bf9b740b3b7c02cf0acc07fee94406f3b3f	[log] [tgz]
author	Paul Lawrence <paullawrence@google.com>	Fri Oct 21 13:13:02 2016 -0700
committer	Paul Lawrence <paullawrence@google.com>	Tue Jan 10 10:09:38 2017 -0800
tree	734e7e55da8c5aa667fd113c492fbcb8608f4793
parent	d5583867c61867252d4a8d794704f9c2d40bbca8 [diff] [blame]