From 98dcfa60c5c8583db7ca11c337d9ce1b4c817030 Mon Sep 17 00:00:00 2001 From: Anubhav Phukan Date: Tue, 18 Apr 2017 17:40:35 +0530 Subject: sdm660_64: Install video seccomp policy files Change-Id: Iba21a7ce01c98fe3107d271011e6b8b29d181260 --- sdm660_64.mk | 5 +++++ seccomp/mediacodec-seccomp.policy | 12 ++++++++++++ seccomp/mediaextractor-seccomp.policy | 4 ++++ 3 files changed, 21 insertions(+) mode change 100755 => 100644 sdm660_64.mk create mode 100644 seccomp/mediacodec-seccomp.policy create mode 100644 seccomp/mediaextractor-seccomp.policy diff --git a/sdm660_64.mk b/sdm660_64.mk old mode 100755 new mode 100644 index ddca3a7..966a830 --- a/sdm660_64.mk +++ b/sdm660_64.mk @@ -46,6 +46,11 @@ PRODUCT_COPY_FILES += device/qcom/sdm660_64/media_profiles.xml:system/etc/media_ device/qcom/sdm660_64/media_codecs_performance.xml:system/etc/media_codecs_performance.xml endif #TARGET_ENABLE_QC_AV_ENHANCEMENTS +# video seccomp policy files +PRODUCT_COPY_FILES += \ + device/qcom/sdm660_64/seccomp/mediacodec-seccomp.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediacodec.policy \ + device/qcom/sdm660_64/seccomp/mediaextractor-seccomp.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaextractor.policy + PRODUCT_COPY_FILES += device/qcom/sdm660_64/whitelistedapps.xml:system/vendor/etc/whitelistedapps.xml \ device/qcom/sdm660_64/gamedwhitelist.xml:system/vendor/etc/gamedwhitelist.xml \ device/qcom/sdm660_64/appboosts.xml:system/vendor/etc/appboosts.xml diff --git a/seccomp/mediacodec-seccomp.policy b/seccomp/mediacodec-seccomp.policy new file mode 100644 index 0000000..81d042b --- /dev/null +++ b/seccomp/mediacodec-seccomp.policy @@ -0,0 +1,12 @@ +# device specific syscalls +# extension of services/mediacodec/minijail/seccomp_policy/mediacodec-seccomp-arm.policy +pselect6: 1 +eventfd2: 1 +sendto: 1 +recvfrom: 1 +_llseek: 1 +sysinfo: 1 +getcwd: 1 +getdents64: 1 +inotify_init1: 1 +inotify_add_watch: 1 diff --git a/seccomp/mediaextractor-seccomp.policy b/seccomp/mediaextractor-seccomp.policy new file mode 100644 index 0000000..77c1e2a --- /dev/null +++ b/seccomp/mediaextractor-seccomp.policy @@ -0,0 +1,4 @@ +# device specific syscalls. +# extension of services/mediaextractor/minijail/seccomp_policy/mediaextractor-seccomp-arm.policy +readlinkat: 1 +pread64: 1 -- cgit v1.2.3