From 75a7af3a6ca07dedc90cca3252a7a388af322226 Mon Sep 17 00:00:00 2001
From: Amit Shekhar
Date: Mon, 3 Apr 2017 15:49:55 -0700
Subject: [PATCH] mediacodec: Allow select and eventfd syscalls Add pselect6 and eventfd2 syscalls Includes following: mediacodec: allow sendto and recvfrom syscalls mediacodec: allow lseek syscall mediaextractor: allow pread64 and readlinkat syscalls mediacodec: allow getdents64, sysinfo and getcwd Vendor extended policy files are separated from the aosp and will now reside in /vendor
Change-Id: If59d04b36d744efb74209ae36e76dd16cb18f606
CRs-Fixed: 2027600
Signed-off-by: DennySPb
---
 device.mk | 5 +++++
 seccomp/mediacodec-seccomp.policy | 10 ++++++++++
 seccomp/mediaextractor-seccomp.policy | 4 ++++
 3 files changed, 19 insertions(+)
 create mode 100644 seccomp/mediacodec-seccomp.policy
 create mode 100644 seccomp/mediaextractor-seccomp.policy
diff --git a/device.mk b/device.mk
index 96a2ef9..81b9e53 100644
--- a/device.mk
+++ b/device.mk
@@ -188,6 +188,11 @@ PRODUCT_COPY_FILES += \
 $(LOCAL_PATH)/configs/media_profiles_vendor.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_profiles_vendor.xml \
 $(LOCAL_PATH)/configs/system_properties.xml:$(TARGET_COPY_OUT_VENDOR)/etc/system_properties.xml
+# Seccomp policy
+PRODUCT_COPY_FILES += \
+ $(LOCAL_PATH)/seccomp/mediacodec-seccomp.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediacodec.policy \
+ $(LOCAL_PATH)/seccomp/mediaextractor-seccomp.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaextractor.policy
+
 PRODUCT_PACKAGES += \
 libmediaplayerservice
diff --git a/seccomp/mediacodec-seccomp.policy b/seccomp/mediacodec-seccomp.policy
new file mode 100644
index 0000000..77162fd
--- /dev/null
+++ b/seccomp/mediacodec-seccomp.policy
@@ -0,0 +1,10 @@
+# device specific syscalls
+# extension of services/mediacodec/minijail/seccomp_policy/mediacodec-seccomp-arm.policy
+pselect6: 1
+eventfd2: 1
+sendto: 1
+recvfrom: 1
+_llseek: 1
+sysinfo: 1
+getcwd: 1
+getdents64: 1
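Review bot: The `# Seccomp policy` comment above the new PRODUCT_COPY_FILES entries in device.mk does not say that the two files are vendor additions to the AOSP base policies, which is what the header comments inside the policy files indicate. I would make that explicit, e.g. `# Vendor seccomp additions for mediacodec/mediaextractor (extend the AOSP base policy; every entry widens the sandbox)`, so that later edits to these files are recognised as security-relevant. The installed names drop the `-seccomp` suffix; if the loader expects exactly `mediacodec.policy` and `mediaextractor.policy` under `etc/seccomp_policy`, a short remark saying so would keep someone from renaming them.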
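Review bot: `sendto: 1` and `recvfrom: 1` in seccomp/mediacodec-seccomp.policy are allowed unconditionally, and nothing in the file records which vendor component needs them or why. For a process that decodes untrusted media, those are the entries a later audit will question first. I would add a comment per entry, e.g. `# sendto/recvfrom: <vendor component and reason>`, and where the caller always passes a known argument, narrow the rule with a minijail argument filter instead of `1`. The same missing rationale applies to `readlinkat` and `pread64` in seccomp/mediaextractor-seccomp.policy. Separately, the commit message says lseek but the rule added is `_llseek`, which exists only on 32-bit ABIs; the header comment's reference to the `-arm` base policy suggests the service is 32-bit here, but that is worth confirming and noting in the file.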
diff --git a/seccomp/mediaextractor-seccomp.policy b/seccomp/mediaextractor-seccomp.policy
new file mode 100644
index 0000000..77c1e2a
--- /dev/null
+++ b/seccomp/mediaextractor-seccomp.policy
@@ -0,0 +1,4 @@
+# device specific syscalls.
+# extension of services/mediaextractor/minijail/seccomp_policy/mediaextractor-seccomp-arm.policy
+readlinkat: 1
+pread64: 1