ddb50a0d099910cddfe2b342d3abcc21e281e3d5 |
|
14-Jun-2016 |
Pawin Vongmasa <pawin@google.com> |
Increase the memory limit of media.extractor to 20%. Bug: 29185862 Change-Id: I130ef8504dc93738a413554ae1a340864ae395c6
/frameworks/av/services/mediaextractor/main_extractorservice.cpp
|
c57fe21ebdd6813c5a8954f3fda51b82d26acd07 |
|
31-May-2016 |
Marco Nelissen <marcone@google.com> |
limit mediaextractor memory Limit mediaextractor using rlimit, to prevent it from bringing down the system via the low memory killer. Bug: 28471206 Bug: 28615448 Change-Id: Ic84137435d1ef0a6883e9789a4b4f399e4283f05
/frameworks/av/services/mediaextractor/main_extractorservice.cpp
|
88e25bfbf22f781225ba6284889194dac498fa4d |
|
11-Jan-2016 |
Jeffrey Vander Stoep <jeffv@google.com> |
Revert "disable seccomp" Confirmed that libminijail checks for seccomp support in kernel before attempting to apply a filter. This reverts commit 1ab2f2d0a6208ec9b6bb7e8b130efa9b70737f98. Change-Id: I33a412bf9c836ca56669bb83506a8774f6607188
/frameworks/av/services/mediaextractor/main_extractorservice.cpp
|
1ab2f2d0a6208ec9b6bb7e8b130efa9b70737f98 |
|
09-Jan-2016 |
Jeff Vander Stoep <jeffv@google.com> |
disable seccomp Temporarily disable seccomp filtering. Change-Id: Ibf7d01f33359be7f15eddefd5cc4ca685cc8971e
/frameworks/av/services/mediaextractor/main_extractorservice.cpp
|
125c04575a480044e51de97889a2cb844bcab84c |
|
12-Dec-2015 |
Jeff Vander Stoep <jeffv@google.com> |
mediaex: apply seccomp filter We can safely reduce the number of accessible system calls from ~250 down to ~30. This commit adds a seccomp filter for arm/arm64 devices. Mediaextractor runs as a 32 bit process so the same filter is used for both arm and arm64 devices. The filter is arranged by frequency of the systemcall to provide the best performance. Most system calls are whitelisted without argument inspection. The exception is the socket syscall where the first argument is checked to ensure only domain=AF_LOCAL sockets are allowed - used for logging. Vendor additions may be appended to the default filter by creating mediaextractor-seccomp.policy file and pointing BOARD_SECCOMP_POLICY to the directory where it resides. For example: create: device/<oem>/<target>/seccomp/mediaextractor-seccomp.policy with the necessary syscalls. set: BOARD_SECCOMP_POLICY=device/<oem>/<target>/seccomp in the device's BoardConfig.mk Change-Id: I384a43beaa18f10081c15320a795d9d9d0180de4
/frameworks/av/services/mediaextractor/main_extractorservice.cpp
|
b2487f03f12dcafdb801fc0007c8df8412397f44 |
|
01-Sep-2015 |
Marco Nelissen <marcone@google.com> |
Extractor service Run extractors in a separate process. Currently all data is copied through a binder transaction, and WVMExtractor is still run in the mediaserver process. Change-Id: Ic5dbce87126dd321ad792f4dd540c2ff6b068d13
/frameworks/av/services/mediaextractor/main_extractorservice.cpp
|