| commit | 28af2c29f23ac6ed1445d080a806fd9d609b6a8e | [log] [tgz] |
|---|---|---|
| author | Ereth McKnight-MacNeil <ereth@google.com> | Thu Jul 30 16:34:02 2020 -0700 |
| committer | Commit Bot <commit-bot@chromium.org> | Thu Aug 06 21:26:43 2020 +0000 |
| tree | 1062f7301f78a84290bbe4b1f3b74ce8a2217308 | |
| parent | 70c50284a36db7924a0d27f20d0860bd6f0686ef [diff] |
adbd: Add gettid & futex to seccomp See seccomp denials on recent builds. Calls to gettid appear to be from cxa_guard_impl.h, the implemention also appears to use a futex. Note that seccomp policy for arcvm already has gettid and futex allowed. BUG=b/162054556 TEST=Connect to ADB via USB Change-Id: I70683988c86ce31331962f9eb14875348a59918b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2330798 Tested-by: Ereth McKnight-MacNeil <ereth@chromium.org> Auto-Submit: Ereth McKnight-MacNeil <ereth@chromium.org> Reviewed-by: Ben Lin <linben@chromium.org> Reviewed-by: Victor Hsieh <victorhsieh@chromium.org> Commit-Queue: Ereth McKnight-MacNeil <ereth@chromium.org>
diff --git a/arc/adbd/seccomp/arc-adbd-amd64.policy b/arc/adbd/seccomp/arc-adbd-amd64.policy index 1960037..a440a0a 100644 --- a/arc/adbd/seccomp/arc-adbd-amd64.policy +++ b/arc/adbd/seccomp/arc-adbd-amd64.policy
@@ -38,6 +38,8 @@ munmap: 1 tgkill: 1 sendto: 1 +gettid:1 +futex:1 # For modprobe(8) clone: 1
diff --git a/arc/adbd/seccomp/arc-adbd-arm.policy b/arc/adbd/seccomp/arc-adbd-arm.policy index 7dfcf86..f8a4f4e 100644 --- a/arc/adbd/seccomp/arc-adbd-arm.policy +++ b/arc/adbd/seccomp/arc-adbd-arm.policy
@@ -40,6 +40,8 @@ symlink: 1 tgkill: 1 sendto: 1 +gettid:1 +futex:1 # For modprobe(8) clone: 1
diff --git a/arc/adbd/seccomp/arc-adbd-arm64.policy b/arc/adbd/seccomp/arc-adbd-arm64.policy index f539202..034a617 100644 --- a/arc/adbd/seccomp/arc-adbd-arm64.policy +++ b/arc/adbd/seccomp/arc-adbd-arm64.policy
@@ -37,6 +37,8 @@ symlink: 1 tgkill: 1 sendto: 1 +gettid:1 +futex:1 # For modprobe(8) clone: 1