| /* |
| ** |
| ** Copyright 2015, The Android Open Source Project |
| ** |
| ** Licensed under the Apache License, Version 2.0 (the "License"); |
| ** you may not use this file except in compliance with the License. |
| ** You may obtain a copy of the License at |
| ** |
| ** http://www.apache.org/licenses/LICENSE-2.0 |
| ** |
| ** Unless required by applicable law or agreed to in writing, software |
| ** distributed under the License is distributed on an "AS IS" BASIS, |
| ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| ** See the License for the specific language governing permissions and |
| ** limitations under the License. |
| */ |
| |
| #include <cutils/log.h> |
| #include <libminijail.h> |
| |
| #include "minijail.h" |
| |
| namespace android { |
| |
| /* Must match location in Android.mk */ |
| static const char kSeccompFilePath[] = "/system/etc/seccomp_policy/mediaextractor-seccomp.policy"; |
| |
| int MiniJail() |
| { |
| /* no seccomp policy for this architecture */ |
| if (access(kSeccompFilePath, R_OK) == -1) { |
| ALOGW("No seccomp filter defined for this architecture."); |
| return 0; |
| } |
| |
| struct minijail *jail = minijail_new(); |
| if (jail == NULL) { |
| ALOGW("Failed to create minijail."); |
| return -1; |
| } |
| |
| minijail_no_new_privs(jail); |
| minijail_log_seccomp_filter_failures(jail); |
| minijail_use_seccomp_filter(jail); |
| minijail_parse_seccomp_filters(jail, kSeccompFilePath); |
| minijail_enter(jail); |
| minijail_destroy(jail); |
| return 0; |
| } |
| } |