From 2dde5ecefdf2691bdced553e4dfc276da1d9c17e Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Fri, 1 Sep 2017 15:53:29 -0400
Subject: [PATCH] whitelist getrandom for arc4random usage

arc4random is called by the linker for dlopen to randomize the library load order, among other uses. It's becoming more widely used over time. It calls getentropy at regular intervals to reseed itself, which uses the getrandom system call. This wasn't noticed because it reseeds only very rarely with typical usage in Android. This was quickly noticed on CopperheadOS where the hardened allocator based on OpenBSD malloc uses at least one (often more) byte of entropy from arc4random for each call to malloc, free, realloc, etc. It's still needed *eventually* without the hardened allocator but it would take a lot of plugin loading / unloading, etc. with dlopen / dlclose to hit it at the moment.

Change-Id: I0a448e833916373871edfc68274ac31e314d54f7
---
 services/mediacodec/seccomp_policy/mediacodec-arm.policy | 1 +
 services/mediaextractor/seccomp_policy/mediaextractor-arm.policy | 1 +
 .../mediaextractor/seccomp_policy/mediaextractor-arm64.policy | 1 +
 services/mediaextractor/seccomp_policy/mediaextractor-x86.policy | 1 +
 4 files changed, 4 insertions(+)

diff --git a/services/mediacodec/seccomp_policy/mediacodec-arm.policy b/services/mediacodec/seccomp_policy/mediacodec-arm.policy
index 73857f8746..8e1fc7784d 100644
--- a/services/mediacodec/seccomp_policy/mediacodec-arm.policy
+++ b/services/mediacodec/seccomp_policy/mediacodec-arm.policy
@@ -52,6 +52,7 @@ sched_setscheduler: 1
 fstatat64: 1
 ugetrlimit: 1
 getdents64: 1
+getrandom: 1
 
 # for attaching to debuggerd on process crash
 sigaction: 1
diff --git a/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy b/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy
index e06ac8c4e8..4fa69d72f9 100644
--- a/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy
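Review bot: mediacodec gets the `getrandom: 1` entry only in its arm policy, while mediaextractor gets it for arm, arm64 and x86; if the tree holds other mediacodec policy files (none are visible in this patch), they need the same line, because per the commit message arc4random reseeds through getentropy and a process that reaches that call without the entry would presumably be stopped by the seccomp filter at an unpredictable point. The entry also has no comment, unlike the groups under `# for attaching to debuggerd on process crash` and `# for FileSource`, so the reason for allowing it lives only in the commit message. I would add `# arc4random reseeds via getentropy, which uses getrandom` above the new line here and in the three mediaextractor hunks, so a later trim of the allow-list does not drop it.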
+++ b/services/mediaextractor/seccomp_policy/mediaextractor-arm.policy
@@ -39,6 +39,7 @@ getgid32: 1
 getegid32: 1
 getgroups32: 1
 nanosleep: 1
+getrandom: 1
 
 # for FileSource
 readlinkat: 1
diff --git a/services/mediaextractor/seccomp_policy/mediaextractor-arm64.policy b/services/mediaextractor/seccomp_policy/mediaextractor-arm64.policy
index 4b51457d0f..e790a4c795 100644
--- a/services/mediaextractor/seccomp_policy/mediaextractor-arm64.policy
+++ b/services/mediaextractor/seccomp_policy/mediaextractor-arm64.policy
@@ -28,6 +28,7 @@ exit_group: 1
 rt_sigreturn: 1
 getrlimit: 1
 nanosleep: 1
+getrandom: 1
 
 # for FileSource
 readlinkat: 1
diff --git a/services/mediaextractor/seccomp_policy/mediaextractor-x86.policy b/services/mediaextractor/seccomp_policy/mediaextractor-x86.policy
index cdff4dba07..3b37f92fbb 100644
--- a/services/mediaextractor/seccomp_policy/mediaextractor-x86.policy
+++ b/services/mediaextractor/seccomp_policy/mediaextractor-x86.policy
@@ -37,6 +37,7 @@ getgid32: 1
 getegid32: 1
 getgroups32: 1
 nanosleep: 1
+getrandom: 1
 
 # for FileSource
 readlinkat: 1