From d648399ddf41c4017bb04ecf45d160a4fcfa6611 Mon Sep 17 00:00:00 2001
From: Joel Fernandes <joelaf@google.com>
Date: Sat, 22 Dec 2018 18:11:34 -0800
Subject: [PATCH] Add memfd related syscalls to allowed list

Required for migration of ashmem to memfd.

Bug: 113362644
Change-Id: I5c63ff130f67481deed5c8d975830463716c397c
Signed-off-by: Joel Fernandes <joelaf@google.com>
---
 services/mediacodec/seccomp_policy/mediacodec-arm.policy     | 2 ++
 services/mediacodec/seccomp_policy/mediaswcodec-arm.policy   | 2 ++
 services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/services/mediacodec/seccomp_policy/mediacodec-arm.policy b/services/mediacodec/seccomp_policy/mediacodec-arm.policy
index edf4dabc4d..0aa5acc2a7 100644
--- a/services/mediacodec/seccomp_policy/mediacodec-arm.policy
+++ b/services/mediacodec/seccomp_policy/mediacodec-arm.policy
@@ -13,6 +13,8 @@ dup: 1
 ppoll: 1
 mmap2: 1
 getrandom: 1
+memfd_create: 1
+ftruncate64: 1
 
 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
 # parser support for '<' is in this needs to be modified to also prevent
diff --git a/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy b/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy
index 588141a297..b9adbd9613 100644
--- a/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy
+++ b/services/mediacodec/seccomp_policy/mediaswcodec-arm.policy
@@ -21,6 +21,8 @@ dup: 1
 ppoll: 1
 mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
 mmap2: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
+memfd_create: 1
+ftruncate64: 1
 
 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
 # parser support for '<' is in this needs to be modified to also prevent
diff --git a/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy b/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
index 1bee1b5478..7abb432b23 100644
--- a/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
+++ b/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
@@ -26,6 +26,8 @@ getrlimit: 1
 fstat: 1
 newfstatat: 1
 fstatfs: 1
+memfd_create: 1
+ftruncate64: 1
 
 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail
 # parser support for '<' is in this needs to be modified to also prevent