diff options
author | Rehan Ghori <rehang@google.com> | 2020-05-13 01:07:45 -0400 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-06-23 10:37:19 +0000 |
commit | ce6b9f4b535f6772dbcb1e89e9cefbb400c493ad (patch) | |
tree | 945a981707e26918e0adb5823111214890122fe8 /seccomp | |
parent | bdc295ebe6ee799cf1b3575bfd0145461b46ba4f (diff) | |
download | adhd-ce6b9f4b535f6772dbcb1e89e9cefbb400c493ad.tar.gz |
cras: Whitelist system calls.
This CL whitelists socketpair and setpriority system calls since they
are used by ALSA plugins for IP audio and brillo library.
BUG=b:150684172
TEST=Tested on hardware. Used Endeavour to start a meeting and used
Viking for IP audio.
Change-Id: Ia8a1fc6bf490ae66cbb317e6b47bf4b8a06ddd61
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/adhd/+/2198197
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Rehan Ghori <rehang@chromium.org>
Tested-by: Rehan Ghori <rehang@chromium.org>
Diffstat (limited to 'seccomp')
-rw-r--r-- | seccomp/cras-seccomp-amd64.policy | 2 | ||||
-rw-r--r-- | seccomp/cras-seccomp-arm.policy | 2 | ||||
-rw-r--r-- | seccomp/cras-seccomp-arm64.policy | 2 |
3 files changed, 6 insertions, 0 deletions
diff --git a/seccomp/cras-seccomp-amd64.policy b/seccomp/cras-seccomp-amd64.policy index c80df2ec..021ced19 100644 --- a/seccomp/cras-seccomp-amd64.policy +++ b/seccomp/cras-seccomp-amd64.policy @@ -35,6 +35,7 @@ futex: 1 lseek: 1 rt_sigaction: 1 socket: arg0 == AF_UNIX || arg0 == AF_BLUETOOTH || arg0 == AF_NETLINK +socketpair: 1 unlink: 1 nanosleep: 1 pipe: 1 @@ -61,6 +62,7 @@ setrlimit: 1 listen: 1 clone: 1 set_robust_list: 1 +setpriority: 1 getresuid: 1 getresgid: 1 sched_setscheduler: 1 diff --git a/seccomp/cras-seccomp-arm.policy b/seccomp/cras-seccomp-arm.policy index ce5ecbe8..16b6ca39 100644 --- a/seccomp/cras-seccomp-arm.policy +++ b/seccomp/cras-seccomp-arm.policy @@ -44,6 +44,7 @@ futex: 1 execve: 1 set_robust_list: 1 socket: arg0 == AF_UNIX || arg0 == AF_BLUETOOTH || arg0 == AF_NETLINK +socketpair: 1 clone: 1 setsockopt: 1 geteuid32: 1 @@ -73,6 +74,7 @@ prctl: arg0 == PR_SET_NAME clock_getres: 1 epoll_create1: 1 fchmod: 1 +setpriority: 1 setrlimit: 1 listen: 1 gettid: 1 diff --git a/seccomp/cras-seccomp-arm64.policy b/seccomp/cras-seccomp-arm64.policy index e3dae97b..d505d175 100644 --- a/seccomp/cras-seccomp-arm64.policy +++ b/seccomp/cras-seccomp-arm64.policy @@ -31,6 +31,7 @@ sendto: 1 brk: 1 munmap: 1 socket: arg0 == AF_UNIX || arg0 == AF_BLUETOOTH || arg0 == AF_NETLINK +socketpair: 1 statfs: 1 getsockopt: 1 accept: 1 @@ -76,6 +77,7 @@ sched_get_priority_min: 1 sched_setscheduler: 1 setrlimit: 1 set_robust_list: 1 +setpriority: 1 setsockopt: 1 set_tid_address: 1 sysinfo: 1 |