Allow bpf() syscall
The implementation of FUSE BPF requires the FUSE daemon to access BPF functionalities, i.e., to get the fd of a pinned BPF prog and to update maps. In Android the FUSE daemon is part of MediaProvider which, belonging to the apps domain, can only access the subset of syscalls allowed by seccomp, of which bpf() is currently blocked.

This patch removes this limitation by adding the bpf() syscall to the allowed seccomp syscalls.

Allowing the bpf() syscall is safe as its usage is still gated by selinux and regular apps are not allowed to use it.

Bug: 202785178
Test: m
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I5887e8d22906c386307e54d3131c679fee0d9f26
parent 1d4272e3e4
commit 5afe3f8a6a
|
@ -306,6 +306,8 @@ int klogctl:syslog(int, char*, int) all
|
|||
int sysinfo(struct sysinfo*) all
|
||||
int personality(unsigned long) all
|
||||
|
||||
int bpf(int, union bpf_attr *, unsigned int) all
|
||||
|
||||
ssize_t tee(int, int, size_t, unsigned int) all
|
||||
ssize_t splice(int, off64_t*, int, off64_t*, size_t, unsigned int) all
|
||||
ssize_t vmsplice(int, const struct iovec*, size_t, unsigned int) all
|
||||
|
|
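Review bot: The added `int bpf(int, union bpf_attr *, unsigned int) all` entry carries no comment recording that, once seccomp stops filtering the call, SELinux policy is the only thing keeping regular apps from using bpf(). The commit message gives that rationale, but the syscall list does not, so a later reader of this file cannot tell what the entry depends on; a short comment next to the entry naming the FUSE daemon in MediaProvider as the intended caller and SELinux as the gate would keep the two in sync. The `Test:` line records only a build (`m`), so it would also help to state how the denial for an ordinary app was confirmed with the seccomp filter relaxed. Style: the neighbouring entries write pointer types without a space (`struct sysinfo*`, `off64_t*`, `const struct iovec*`), while this one uses `union bpf_attr *`.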