Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_frameworks_base / 9375f3eff6ce13562285d01aa6d23f35cc22159a^1..9375f3eff6ce13562285d01aa6d23f35cc22159a / .
commit9375f3eff6ce13562285d01aa6d23f35cc22159a[log] [tgz]
authorPaul Lawrence <paullawrence@google.com>Fri Feb 03 20:19:11 2017 +0000
committerandroid-build-merger <android-build-merger@google.com>Fri Feb 03 20:19:11 2017 +0000
treedd7e5bedb4515f823bc70a5787a73c6446b9cd8b
parent281fae21f82c3a9d2b9aa613a07f2f38584e5dc7 [diff]
parent7e812616c990f5396d4b06f11edd3798e84077d5 [diff]
Merge "Optimize seccomp"
am: 7e812616c9

Change-Id: I6061c25fe18b136d9a4920acd3f54043c44abe4a

diff --git a/core/jni/android_os_seccomp.cpp b/core/jni/android_os_seccomp.cpp
index fc35a74..75b898e 100644
--- a/core/jni/android_os_seccomp.cpp
+++ b/core/jni/android_os_seccomp.cpp

@@ -122,6 +122,10 @@
     // 64-bit filter
     ExamineSyscall(f);
 
+    // arm64-only filter - autogenerated from bionic syscall usage
+    for (size_t i = 0; i < arm64_filter_size; ++i)
+        f.push_back(arm64_filter[i]);
+
     // Syscalls needed to boot Android
     AllowSyscall(f, 41);  // __NR_pivot_root
     AllowSyscall(f, 31);  // __NR_ioprio_get
@@ -143,9 +147,7 @@
     // Needed for kernel to restart syscalls
     AllowSyscall(f, 128); // __NR_restart_syscall
 
-    // arm64-only filter - autogenerated from bionic syscall usage
-    for (size_t i = 0; i < arm64_filter_size; ++i)
-        f.push_back(arm64_filter[i]);
+    Trap(f);
 
     if (SetValidateArchitectureJumpTarget(offset_to_32bit_filter, f) != 0)
         return -1;
@@ -153,6 +155,10 @@
     // 32-bit filter
     ExamineSyscall(f);
 
+    // arm32 filter - autogenerated from bionic syscall usage
+    for (size_t i = 0; i < arm_filter_size; ++i)
+        f.push_back(arm_filter[i]);
+
     // Syscalls needed to boot android
     AllowSyscall(f, 120); // __NR_clone
     AllowSyscall(f, 240); // __NR_futex
@@ -200,9 +206,7 @@
     // already allowed.
     AllowSyscall(f, 85);  // __NR_readlink
 
-    // arm32 filter - autogenerated from bionic syscall usage
-    for (size_t i = 0; i < arm_filter_size; ++i)
-        f.push_back(arm_filter[i]);
+    Trap(f);
 
     return install_filter(f);
 }