1 files changed, 65 insertions, 0 deletions

diff --git a/jni/minijail/minijail.cpp b/jni/minijail/minijail.cpp
new file mode 100644
index 00000000..9eebc49b
--- /dev/null
+++ b/jni/minijail/minijail.cpp
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "minijail.h"
+#include <unistd.h>
+#include <sys/types.h>
+#include <signal.h>
+
+#include <libminijail.h>
+#include <scoped_minijail.h>
+#include <android/log.h>
+
+#ifndef LOG_TAG
+#define LOG_TAG "minijail"
+#endif
+
+#define ALOGE(...) __android_log_print(ANDROID_LOG_ERROR  , LOG_TAG, __VA_ARGS__)
+
+
+/*
+ * Class:     com_android_tv_tuner_exoplayer_ffmpeg_FfmpegDecoderService
+ * Method:    nativeSetupMinijail
+ * Signature: (I)V
+ */
+JNIEXPORT void JNICALL
+Java_com_android_tv_tuner_exoplayer_ffmpeg_FfmpegDecoderService_nativeSetupMinijail
+(JNIEnv *, jobject, jint policyFd) {
+    ScopedMinijail jail{minijail_new()};
+    if (!jail) {
+        ALOGE("Failed to create minijail");
+    }
+
+    minijail_no_new_privs(jail.get());
+    minijail_log_seccomp_filter_failures(jail.get());
+    minijail_use_seccomp_filter(jail.get());
+    minijail_set_seccomp_filter_tsync(jail.get());
+    // Transfer ownership of |policy_fd|.
+    minijail_parse_seccomp_filters_from_fd(jail.get(), policyFd);
+    minijail_enter(jail.get());
+    close(policyFd);
+}
+
+/*
+ * Class:     com_android_tv_tuner_exoplayer_ffmpeg_FfmpegDecoderService
+ * Method:    nativeTestMinijail
+ * Signature: ()V
+ */
+JNIEXPORT void JNICALL
+Java_com_android_tv_tuner_exoplayer_ffmpeg_FfmpegDecoderService_nativeTestMinijail
+(JNIEnv *, jobject) {
+    kill(getpid(), SIGUSR1);
+}
\ No newline at end of file