authorRehan Ghori <rehang@google.com>2020-05-13 01:07:45 -0400
committerCommit Bot <commit-bot@chromium.org>2020-06-23 10:37:19 +0000
commitce6b9f4b535f6772dbcb1e89e9cefbb400c493ad (patch)
tree945a981707e26918e0adb5823111214890122fe8 /seccomp
parentbdc295ebe6ee799cf1b3575bfd0145461b46ba4f (diff)
cras: Whitelist system calls.
This CL whitelists socketpair and setpriority system calls since they are used by ALSA plugins for IP audio and brillo library. BUG=b:150684172 TEST=Tested on hardware. Used Endeavour to start a meeting and used Viking for IP audio. Change-Id: Ia8a1fc6bf490ae66cbb317e6b47bf4b8a06ddd61 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/adhd/+/2198197 Reviewed-by: Mike Frysinger <vapier@chromium.org> Commit-Queue: Rehan Ghori <rehang@chromium.org> Tested-by: Rehan Ghori <rehang@chromium.org>
Diffstat (limited to 'seccomp')
-rw-r--r--seccomp/cras-seccomp-amd64.policy2
-rw-r--r--seccomp/cras-seccomp-arm.policy2
-rw-r--r--seccomp/cras-seccomp-arm64.policy2
3 files changed, 6 insertions, 0 deletions
diff --git a/seccomp/cras-seccomp-amd64.policy b/seccomp/cras-seccomp-amd64.policy
index c80df2ec..021ced19 100644
--- a/seccomp/cras-seccomp-amd64.policy
+++ b/seccomp/cras-seccomp-amd64.policy
@@ -35,6 +35,7 @@ futex: 1
lseek: 1
rt_sigaction: 1
socket: arg0 == AF_UNIX || arg0 == AF_BLUETOOTH || arg0 == AF_NETLINK
+socketpair: 1
unlink: 1
nanosleep: 1
pipe: 1
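Review bot: The new `socketpair: 1` rule is unconditional, while the `socket` rule directly above it limits arg0 to `AF_UNIX`, `AF_BLUETOOTH` or `AF_NETLINK`; the same applies to the first hunk of the arm and arm64 policies. Linux supports socketpair() for very few address families, so the practical exposure is small. Still, pinning the domain keeps the filter consistent with the `socket` rule and does not depend on kernel behaviour: `socketpair: arg0 == AF_UNIX`. This assumes the ALSA plugin and brillo callers only create UNIX-domain pairs, which the commit does not show and should be confirmed on hardware. A short comment naming the consumer and the bug, e.g. `# socketpair: ALSA IP-audio plugins / brillo (b:150684172)`, would help a later audit decide whether the rule is still needed.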
@@ -61,6 +62,7 @@ setrlimit: 1
listen: 1
clone: 1
set_robust_list: 1
+setpriority: 1
getresuid: 1
getresgid: 1
sched_setscheduler: 1
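Review bot: `setpriority: 1` allows every `which` value, so the sandboxed process may renice a whole process group or all processes of its user, not only its own threads; the second hunk of the arm and arm64 policies has the same rule. Kernel permission checks and RLIMIT_NICE still apply, but the policy also allows `setrlimit`, so the filter is the natural place to narrow this. If the callers only adjust their own threads (not visible in this change), consider `setpriority: arg0 == PRIO_PROCESS`, or the numeric `arg0 == 0` if the policy compiler does not resolve that constant. The rest of the policy lies outside the hunk, so I cannot tell whether other rules carry comments, but a one-line `#` comment recording which library needs the call would be useful here as well.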
diff --git a/seccomp/cras-seccomp-arm.policy b/seccomp/cras-seccomp-arm.policy
index ce5ecbe8..16b6ca39 100644
--- a/seccomp/cras-seccomp-arm.policy
+++ b/seccomp/cras-seccomp-arm.policy
@@ -44,6 +44,7 @@ futex: 1
execve: 1
set_robust_list: 1
socket: arg0 == AF_UNIX || arg0 == AF_BLUETOOTH || arg0 == AF_NETLINK
+socketpair: 1
clone: 1
setsockopt: 1
geteuid32: 1
@@ -73,6 +74,7 @@ prctl: arg0 == PR_SET_NAME
clock_getres: 1
epoll_create1: 1
fchmod: 1
+setpriority: 1
setrlimit: 1
listen: 1
gettid: 1
diff --git a/seccomp/cras-seccomp-arm64.policy b/seccomp/cras-seccomp-arm64.policy
index e3dae97b..d505d175 100644
--- a/seccomp/cras-seccomp-arm64.policy
+++ b/seccomp/cras-seccomp-arm64.policy
@@ -31,6 +31,7 @@ sendto: 1
brk: 1
munmap: 1
socket: arg0 == AF_UNIX || arg0 == AF_BLUETOOTH || arg0 == AF_NETLINK
+socketpair: 1
statfs: 1
getsockopt: 1
accept: 1
@@ -76,6 +77,7 @@ sched_get_priority_min: 1
sched_setscheduler: 1
setrlimit: 1
set_robust_list: 1
+setpriority: 1
setsockopt: 1
set_tid_address: 1
sysinfo: 1