4f02dd5755c7ce1c7948f2d00d9e50995fff42c5 |
|
20-Dec-2017 |
Victor Hsieh <victorhsieh@google.com> |
Split zygote's seccomp filter into two To pave the way to reducing app's kernel attack surface, this change split the single filter into one for system and one for apps. Note that there is current no change between them. Zygote will apply these filters appropriately to system server and apps. Keep set_seccomp_filter() for now until the caller has switched to the new API, which I will do immediately after this before the two filters diverse. Also remove get_seccomp_filter() since it doesn't seem to be used anyway. Test: diff the generated code, no difference except the variable names Test: cts -m CtsSecurityTestCases -t android.security.cts.SeccompTest Bug: 63944145 Change-Id: Id8ba05a87332c92ec697926af77bc5742eb04b23
|