-rw-r--r-- | common.mk | 7 | ||||
-rw-r--r-- | seccomp/mediacodec-seccomp.policy | 7 | ||||
-rw-r--r-- | seccomp/mediaextractor-seccomp.policy | 4 |
3 files changed, 18 insertions, 0 deletions
@@ -24,6 +24,13 @@ TARGET_USES_QCOM_MM_AUDIO := true
 # Skip boot jars check
 SKIP_BOOT_JARS_CHECK := true
+# SECCOMP Extension
+BOARD_SECCOMP_POLICY += device/qcom/common/seccomp
+
+PRODUCT_COPY_FILES += \
+ device/qcom/common/seccomp/mediacodec-seccomp.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediacodec.policy \
+ device/qcom/common/seccomp/mediaextractor-seccomp.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaextractor.policy
+
 # QCOM HW crypto
 ifeq ($(TARGET_HW_DISK_ENCRYPTION),true)
 TARGET_CRYPTFS_HW_PATH ?= vendor/qcom/opensource/commonsys/cryptfs_hw
diff --git a/seccomp/mediacodec-seccomp.policy b/seccomp/mediacodec-seccomp.policy
new file mode 100644
index 0000000..f04ecba
--- /dev/null
+++ b/seccomp/mediacodec-seccomp.policy
@@ -0,0 +1,7 @@
+# device specific syscalls
+# extension of services/mediacodec/minijail/seccomp_policy/mediacodec-seccomp-arm.policy
+pselect6: 1
+eventfd2: 1
+sendto: 1
+recvfrom: 1
+_llseek: 1
diff --git a/seccomp/mediaextractor-seccomp.policy b/seccomp/mediaextractor-seccomp.policy
new file mode 100644
index 0000000..77c1e2a
--- /dev/null
+++ b/seccomp/mediaextractor-seccomp.policy
@@ -0,0 +1,4 @@
+# device specific syscalls.
+# extension of services/mediaextractor/minijail/seccomp_policy/mediaextractor-seccomp-arm.policy
+readlinkat: 1
+pread64: 1 |
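Review bot: The added `BOARD_SECCOMP_POLICY` and `PRODUCT_COPY_FILES` lines sit unconditionally in common.mk, so every target that includes this file gets the wider mediacodec and mediaextractor syscall allowlists, whether or not its vendor code needs them. The block also hands the same two policy files to the build by two routes, a policy directory and a direct copy into `$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/`. Which route the platform reads is not visible from this hunk, and an unused one is dead configuration that obscures where the effective sandbox policy comes from. I would keep only the mechanism the target platform version honours and add a comment above the block, e.g. `# Widens the media service seccomp allowlists for all targets including this file; see seccomp/*.policy`.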
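Review bot: Each of the five added rules is an unconditional allow (`: 1`) with no record of which vendor component needs it, which makes the allowlist hard to audit or shrink later; the same applies to the two rules in seccomp/mediaextractor-seccomp.policy. `sendto` and `recvfrom` deserve the closest look, since they are socket I/O in a process that decodes untrusted media; a per-rule comment such as `# sendto/recvfrom: <component that needs socket I/O>` would record the reason. Separately, `_llseek` exists only on 32-bit ABIs and the header names the `-arm` base policy, yet common.mk installs the file under an arch-neutral name, so a 64-bit build of the service would presumably reject the policy; worth confirming before this lands in a shared tree.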
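Review bot: `readlinkat: 1` gives the extractor a path-based syscall, although this service parses untrusted containers and, as far as I know, is meant to work on file descriptors handed to it rather than on paths. If the call comes from a library resolving descriptor links, say so next to the rule, e.g. `# readlinkat: <caller>, resolves fd paths only`. Filesystem access is still gated by controls this hunk does not show, so the rule may be harmless, but the reason should be stated in the policy file.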