1// 2// Copyright (C) 2017 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17#include <android-base/logging.h> 18#include <libminijail.h> 19 20#include <hwminijail/HardwareMinijail.h> 21 22namespace android { 23namespace hardware { 24 25void SetupMinijail(const std::string& seccomp_policy_path) { 26 if (access(seccomp_policy_path.c_str(), R_OK) == -1) { 27 LOG(WARNING) << "Could not find seccomp policy file at: " << seccomp_policy_path; 28 return; 29 } 30 31 struct minijail* jail = minijail_new(); 32 if (jail == NULL) { 33 LOG(FATAL) << "Failed to create minijail."; 34 } 35 36 minijail_no_new_privs(jail); 37 minijail_log_seccomp_filter_failures(jail); 38 minijail_use_seccomp_filter(jail); 39 minijail_parse_seccomp_filters(jail, seccomp_policy_path.c_str()); 40 minijail_enter(jail); 41 minijail_destroy(jail); 42} 43 44} // namespace hardware 45} // namespace android 46