diff options
author | Paul Lawrence <paullawrence@google.com> | 2017-06-23 08:10:18 -0700 |
---|---|---|
committer | Paul Lawrence <paullawrence@google.com> | 2017-06-23 18:50:00 +0000 |
commit | c0c56ec7ceb953b275d8f1772f9276e72eb693ea (patch) | |
tree | efd304b34fc28d62355227b9bf097c0f8e5f7f23 | |
parent | d87e5aa769c7ff22d7301ef4a29db3c04d61c0cc (diff) | |
download | bionic-c0c56ec7ceb953b275d8f1772f9276e72eb693ea.tar.gz |
Expand Seccomp whitelist
This seccomp failure is in the fault handler:
05-25 12:03:25.042 10201 27425 27425 F DEBUG : backtrace:
05-25 12:03:25.042 10201 27425 27425 F DEBUG : #00 pc 00015380
/data/data/redacted/files/storage/lib/libcrashsdk.so
So whenever an app using this crash sdk crashes it looks like a seccomp
problem. Fixing this won't stop the apps crashing, but will make the
crash reports accurate and useful.
So yes, the bug below is already fixed, but this issue has come back 2
or 3 times with different apps (b/62090571, b/62874867). This change
doesn't fix that crash either, but again it improves the reporting.
Bug: 62947697
Test: Device boots, app still fails but no longer with SECCOMP error
Change-Id: Ie0f8dc965001c8bc43f6a545b35bdcd38f006213
-rw-r--r-- | libc/SECCOMP_WHITELIST.TXT | 3 | ||||
-rw-r--r-- | libc/seccomp/arm_policy.cpp | 2 | ||||
-rw-r--r-- | libc/seccomp/mips_policy.cpp | 2 | ||||
-rw-r--r-- | libc/seccomp/x86_policy.cpp | 2 |
4 files changed, 6 insertions, 3 deletions
diff --git a/libc/SECCOMP_WHITELIST.TXT b/libc/SECCOMP_WHITELIST.TXT index 4d6897ca3..beffef967 100644 --- a/libc/SECCOMP_WHITELIST.TXT +++ b/libc/SECCOMP_WHITELIST.TXT @@ -121,3 +121,6 @@ int dup2(int oldfd, int newfd) arm,x86,mips # b/62779795 int compat_select:_newselect(int n, unsigned long* inp, unsigned long* outp, unsigned long* exp, struct timeval* timeout) arm,x86,mips + +# b/62090571 +int mkdir(const char *pathname, mode_t mode) arm,x86,mips
\ No newline at end of file diff --git a/libc/seccomp/arm_policy.cpp b/libc/seccomp/arm_policy.cpp index b8f62a654..2f9f25ea9 100644 --- a/libc/seccomp/arm_policy.cpp +++ b/libc/seccomp/arm_policy.cpp @@ -23,7 +23,7 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 25, 114, 113), //getuid BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 27, 113, 112), //ptrace BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 36, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 34, 111, 110), //access -BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 39, 110, 109), //sync|kill|rename +BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 40, 110, 109), //sync|kill|rename|mkdir BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 57, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 51, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 45, 1, 0), diff --git a/libc/seccomp/mips_policy.cpp b/libc/seccomp/mips_policy.cpp index e9d0fa34a..192ebffed 100644 --- a/libc/seccomp/mips_policy.cpp +++ b/libc/seccomp/mips_policy.cpp @@ -25,7 +25,7 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4034, 96, 95), //access BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4054, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4045, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4041, 1, 0), -BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4039, 92, 91), //sync|kill|rename +BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4040, 92, 91), //sync|kill|rename|mkdir BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4044, 91, 90), //dup|pipe|times BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4049, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4048, 89, 88), //brk|setgid|getgid diff --git a/libc/seccomp/x86_policy.cpp b/libc/seccomp/x86_policy.cpp index d27696ef2..acf063dc8 100644 --- a/libc/seccomp/x86_policy.cpp +++ b/libc/seccomp/x86_policy.cpp @@ -23,7 +23,7 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 25, 100, 99), //getuid BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 27, 99, 98), //ptrace BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 36, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 34, 97, 96), //access -BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 39, 96, 95), //sync|kill|rename +BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 40, 96, 95), //sync|kill|rename|mkdir BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 57, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 51, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 45, 1, 0), |