From a481a0b4732b73cc295dc438f8fd8a7191d9d53a Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Fri, 23 Jun 2017 08:10:18 -0700 Subject: Expand Seccomp whitelist This seccomp failure is in the fault handler: 05-25 12:03:25.042 10201 27425 27425 F DEBUG : backtrace: 05-25 12:03:25.042 10201 27425 27425 F DEBUG : #00 pc 00015380 /data/data/redacted/files/storage/lib/libcrashsdk.so So whenever an app using this crash sdk crashes it looks like a seccomp problem. Fixing this won't stop the apps crashing, but will make the crash reports accurate and useful. So yes, the bug below is already fixed, but this issue has come back 2 or 3 times with different apps (b/62090571, b/62874867). This change doesn't fix that crash either, but again it improves the reporting. Bug: 62947697 Test: Device boots, app still fails but no longer with SECCOMP error Change-Id: Ie0f8dc965001c8bc43f6a545b35bdcd38f006213 (cherry picked from commit c0c56ec7ceb953b275d8f1772f9276e72eb693ea) --- libc/SECCOMP_WHITELIST.TXT | 3 +++ libc/seccomp/arm_policy.cpp | 2 +- libc/seccomp/mips_policy.cpp | 2 +- libc/seccomp/x86_policy.cpp | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/libc/SECCOMP_WHITELIST.TXT b/libc/SECCOMP_WHITELIST.TXT index 4d6897ca3..beffef967 100644 --- a/libc/SECCOMP_WHITELIST.TXT +++ b/libc/SECCOMP_WHITELIST.TXT @@ -121,3 +121,6 @@ int dup2(int oldfd, int newfd) arm,x86,mips # b/62779795 int compat_select:_newselect(int n, unsigned long* inp, unsigned long* outp, unsigned long* exp, struct timeval* timeout) arm,x86,mips + +# b/62090571 +int mkdir(const char *pathname, mode_t mode) arm,x86,mips \ No newline at end of file diff --git a/libc/seccomp/arm_policy.cpp b/libc/seccomp/arm_policy.cpp index b8f62a654..2f9f25ea9 100644 --- a/libc/seccomp/arm_policy.cpp +++ b/libc/seccomp/arm_policy.cpp @@ -23,7 +23,7 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 25, 114, 113), //getuid BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 27, 113, 112), //ptrace BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 36, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 34, 111, 110), //access -BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 39, 110, 109), //sync|kill|rename +BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 40, 110, 109), //sync|kill|rename|mkdir BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 57, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 51, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 45, 1, 0), diff --git a/libc/seccomp/mips_policy.cpp b/libc/seccomp/mips_policy.cpp index e9d0fa34a..192ebffed 100644 --- a/libc/seccomp/mips_policy.cpp +++ b/libc/seccomp/mips_policy.cpp @@ -25,7 +25,7 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4034, 96, 95), //access BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4054, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4045, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4041, 1, 0), -BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4039, 92, 91), //sync|kill|rename +BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4040, 92, 91), //sync|kill|rename|mkdir BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4044, 91, 90), //dup|pipe|times BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4049, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 4048, 89, 88), //brk|setgid|getgid diff --git a/libc/seccomp/x86_policy.cpp b/libc/seccomp/x86_policy.cpp index d27696ef2..acf063dc8 100644 --- a/libc/seccomp/x86_policy.cpp +++ b/libc/seccomp/x86_policy.cpp @@ -23,7 +23,7 @@ BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 25, 100, 99), //getuid BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 27, 99, 98), //ptrace BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 36, 1, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 34, 97, 96), //access -BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 39, 96, 95), //sync|kill|rename +BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 40, 96, 95), //sync|kill|rename|mkdir BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 57, 7, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 51, 3, 0), BPF_JUMP(BPF_JMP|BPF_JGE|BPF_K, 45, 1, 0), -- cgit v1.2.3