bonito: Add seccomp policy for Codec2 process
Add seccomp policy for Codec2 process
Bug: 149511958
Test: adb shell killall vendor.qti.media.c2@1.0-service
Change-Id: I0acfd9cd035f78fa323ae3deb8e793021ae01e45
(cherry picked from commit 5d7a82d304d76245393ba65c17dfb1a39ac8b547)
diff --git a/device.mk b/device.mk
index 694db34..339c494 100644
--- a/device.mk
+++ b/device.mk
@@ -461,7 +461,9 @@
PRODUCT_PACKAGES += \
libqcodec2 \
vendor.qti.media.c2@1.0-service \
- media_codecs_c2.xml
+ media_codecs_c2.xml \
+ codec2.vendor.ext.policy \
+ codec2.vendor.base.policy
PRODUCT_PACKAGES += \
android.hardware.camera.provider@2.4-impl \
@@ -644,7 +646,6 @@
# Vendor seccomp policy files for media components:
PRODUCT_COPY_FILES += \
- $(LOCAL_PATH)/seccomp_policy/codec2.vendor.ext.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/codec2.vendor.ext.policy \
$(LOCAL_PATH)/seccomp_policy/mediacodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediacodec.policy
ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
diff --git a/seccomp_policy/codec2.vendor.ext.policy b/seccomp_policy/codec2.vendor.ext.policy
deleted file mode 100644
index 07b7bf7..0000000
--- a/seccomp_policy/codec2.vendor.ext.policy
+++ /dev/null
@@ -1,9 +0,0 @@
-# device specific syscalls
-pselect6: 1
-eventfd2: 1
-sendto: 1
-recvfrom: 1
-_llseek: 1
-sysinfo: 1
-getcwd: 1
-getdents64: 1