summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--core/jni/Android.mk2
-rw-r--r--core/jni/android_os_seccomp.cpp7
2 files changed, 9 insertions, 0 deletions
diff --git a/core/jni/Android.mk b/core/jni/Android.mk
index a9ca12b26d0b..69867323a0be 100644
--- a/core/jni/Android.mk
+++ b/core/jni/Android.mk
@@ -218,6 +218,8 @@ LOCAL_C_INCLUDES += \
LOCAL_STATIC_LIBRARIES := \
libseccomp_policy \
+ libselinux \
+ libcrypto \
LOCAL_SHARED_LIBRARIES := \
libmemtrack \
diff --git a/core/jni/android_os_seccomp.cpp b/core/jni/android_os_seccomp.cpp
index dd5622d80e45..45023713ea85 100644
--- a/core/jni/android_os_seccomp.cpp
+++ b/core/jni/android_os_seccomp.cpp
@@ -17,9 +17,16 @@
#include "core_jni_helpers.h"
#include "JniConstants.h"
#include "utils/Log.h"
+#include <selinux/selinux.h>
+
#include "seccomp_policy.h"
static void Seccomp_setPolicy(JNIEnv* /*env*/) {
+ if (security_getenforce() == 0) {
+ ALOGI("seccomp disabled by setenforce 0");
+ return;
+ }
+
if (!set_seccomp_filter()) {
ALOGE("Failed to set seccomp policy - killing");
exit(1);
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2026-01-06 13:27:03 +0000