diff options
| author | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-01-25 23:38:52 +0000 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2016-01-25 23:38:52 +0000 |
| commit | e8d25723b4065de0562e375d076b6b11ed89ac11 (patch) | |
| tree | 63deadb895b1278e0803e9aadccfd32cb0387112 | |
| parent | 2ab56955269a8b556de2f934d69cefcf41589233 (diff) | |
| parent | b98ad29bc07149cc8ffa29b986c7bc4339c9ad82 (diff) | |
| download | minijail-e8d25723b4065de0562e375d076b6b11ed89ac11.tar.gz | |
Add syscall logging support for x86_64 architectures on Android.
am: b98ad29bc0
* commit 'b98ad29bc07149cc8ffa29b986c7bc4339c9ad82':
Add syscall logging support for x86_64 architectures on Android.
| -rw-r--r-- | examples/drop_privs.cpp | 3 | ||||
| -rw-r--r-- | util.c | 27 |
2 files changed, 20 insertions, 10 deletions
diff --git a/examples/drop_privs.cpp b/examples/drop_privs.cpp index fb6b42e..26d1659 100644 --- a/examples/drop_privs.cpp +++ b/examples/drop_privs.cpp @@ -57,6 +57,9 @@ int main(void) { minijail_change_group(j, "system"); minijail_set_supplementary_gids(j, sizeof(groups) / sizeof(groups[0]), groups); // minijail_use_caps(j, CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID)); + // minijail_use_seccomp_filter(j); + // minijail_log_seccomp_filter_failures(j); + // minijail_parse_seccomp_filters(j, "/data/filter.policy"); minijail_enter(j); log_resugid(); minijail_destroy(j); @@ -16,6 +16,7 @@ * These are syscalls used by the syslog() C library call. You can find them * by running a simple test program. See below for x86_64 behavior: * $ cat test.c + * #include <syslog.h> * main() { syslog(0, "foo"); } * $ gcc test.c -static * $ strace ./a.out @@ -26,28 +27,34 @@ * exit_group(0) <- finish! */ #if defined(__x86_64__) -const char *log_syscalls[] = { "connect", "sendto" }; +#if defined(__ANDROID__) +const char *log_syscalls[] = {"socket", "connect", "fcntl", "writev"}; +#elif +const char *log_syscalls[] = {"connect", "sendto"}; +#endif #elif defined(__i386__) #if defined(__ANDROID__) -const char *log_syscalls[] = { "socketcall", "writev", "fcntl64", "clock_gettime" }; +const char *log_syscalls[] = {"socketcall", "writev", "fcntl64", + "clock_gettime"}; #else -const char *log_syscalls[] = { "socketcall", "time" }; +const char *log_syscalls[] = {"socketcall", "time"}; #endif #elif defined(__arm__) #if defined(__ANDROID__) -const char *log_syscalls[] = { "clock_gettime", "connect", "fcntl64", "socket", "writev" }; +const char *log_syscalls[] = {"clock_gettime", "connect", "fcntl64", "socket", + "writev"}; #else -const char *log_syscalls[] = { "connect", "gettimeofday", "send" }; +const char *log_syscalls[] = {"connect", "gettimeofday", "send"}; #endif #elif defined(__aarch64__) #if defined(__ANDROID__) -const char *log_syscalls[] = { "connect", "fcntl", "sendto", "socket", "writev" }; +const char *log_syscalls[] = {"connect", "fcntl", "sendto", "socket", "writev"}; #else -const char *log_syscalls[] = { "connect", "send" }; +const char *log_syscalls[] = {"connect", "send"}; #endif -#elif defined(__powerpc__) || defined(__ia64__) || defined(__hppa__) \ - || defined(__sparc__) || defined(__mips__) -const char *log_syscalls[] = { "connect", "send" }; +#elif defined(__powerpc__) || defined(__ia64__) || defined(__hppa__) || \ + defined(__sparc__) || defined(__mips__) +const char *log_syscalls[] = {"connect", "send"}; #else #error "Unsupported platform" #endif |