3 files changed, 21 insertions, 0 deletions

diff --git a/sdm660_64.mk b/sdm660_64.mk
index ddca3a7..966a830 100755..100644
--- a/sdm660_64.mk
+++ b/sdm660_64.mk
@@ -46,6 +46,11 @@ PRODUCT_COPY_FILES += device/qcom/sdm660_64/media_profiles.xml:system/etc/media_
                       device/qcom/sdm660_64/media_codecs_performance.xml:system/etc/media_codecs_performance.xml
 endif #TARGET_ENABLE_QC_AV_ENHANCEMENTS
 
+# video seccomp policy files
+PRODUCT_COPY_FILES += \
+    device/qcom/sdm660_64/seccomp/mediacodec-seccomp.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediacodec.policy \
+    device/qcom/sdm660_64/seccomp/mediaextractor-seccomp.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaextractor.policy
+
 PRODUCT_COPY_FILES += device/qcom/sdm660_64/whitelistedapps.xml:system/vendor/etc/whitelistedapps.xml \
                       device/qcom/sdm660_64/gamedwhitelist.xml:system/vendor/etc/gamedwhitelist.xml \
                       device/qcom/sdm660_64/appboosts.xml:system/vendor/etc/appboosts.xml
diff --git a/seccomp/mediacodec-seccomp.policy b/seccomp/mediacodec-seccomp.policy
new file mode 100644
index 0000000..81d042b
--- /dev/null
+++ b/seccomp/mediacodec-seccomp.policy
@@ -0,0 +1,12 @@
+# device specific syscalls
+# extension of services/mediacodec/minijail/seccomp_policy/mediacodec-seccomp-arm.policy
+pselect6: 1
+eventfd2: 1
+sendto: 1
+recvfrom: 1
+_llseek: 1
+sysinfo: 1
+getcwd: 1
+getdents64: 1
+inotify_init1: 1
+inotify_add_watch: 1
diff --git a/seccomp/mediaextractor-seccomp.policy b/seccomp/mediaextractor-seccomp.policy
new file mode 100644
index 0000000..77c1e2a
--- /dev/null
+++ b/seccomp/mediaextractor-seccomp.policy
@@ -0,0 +1,4 @@
+# device specific syscalls.
+# extension of services/mediaextractor/minijail/seccomp_policy/mediaextractor-seccomp-arm.policy
+readlinkat: 1
+pread64: 1