40 lines
1.2 KiB
Diff
40 lines
1.2 KiB
Diff
https://github.com/eafer/rdrview/pull/28
|
|
|
|
From bc65f4430b34a05499d12fb846f61f58297efb2e Mon Sep 17 00:00:00 2001
|
|
From: Tee KOBAYASHI <xtkoba@gmail.com>
|
|
Date: Mon, 7 Mar 2022 10:39:40 +0900
|
|
Subject: [PATCH] Add seccomp rules for Android
|
|
|
|
---
|
|
src/sandbox.c | 10 ++++++++++
|
|
1 file changed, 10 insertions(+)
|
|
|
|
diff --git a/src/sandbox.c b/src/sandbox.c
|
|
index ee0f676..c46f0a2 100644
|
|
--- a/src/sandbox.c
|
|
+++ b/src/sandbox.c
|
|
@@ -23,6 +23,10 @@
|
|
|
|
#include <seccomp.h>
|
|
|
|
+#ifdef __ANDROID__
|
|
+#include <sys/mman.h>
|
|
+#endif
|
|
+
|
|
static void do_start_sandbox(void)
|
|
{
|
|
scmp_filter_ctx ctx;
|
|
@@ -44,6 +48,12 @@ static void do_start_sandbox(void)
|
|
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0);
|
|
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap2), 0);
|
|
fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0);
|
|
+#ifdef __ANDROID__
|
|
+ fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(madvise), 1,
|
|
+ SCMP_A2_32(SCMP_CMP_EQ, MADV_DONTNEED, 0));
|
|
+ fail |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 1,
|
|
+ SCMP_A2_32(SCMP_CMP_MASKED_EQ, ~(PROT_READ|PROT_WRITE), 0));
|
|
+#endif
|
|
|
|
fail |= seccomp_load(ctx);
|
|
if (fail)
|