[Android] Allow __NR_process_vm_readv under Seccomp.

Bug: 766245 Change-Id: Ic494f526c1b8d15483ca7e9a97d9f044f276c26d Reviewed-on: https://chromium-review.googlesource.com/671556Reviewed-by: Richard Coles <torne@chromium.org> Commit-Queue: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#502714}

[Android] Allow __NR_process_vm_readv under Seccomp.
Bug: 766245 Change-Id: Ic494f526c1b8d15483ca7e9a97d9f044f276c26d Reviewed-on: https://chromium-review.googlesource.com/671556Reviewed-by: Richard Coles <torne@chromium.org> Commit-Queue: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#502714}
7844944f · Robert Sesek · 7cd6c29f · 7844944f
Commit 7844944f authored Sep 18, 2017 by Robert Sesek
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc +7 -0

No files found.
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc
@@ -149,6 +149,13 @@ ResultExpr BaselinePolicyAndroid::EvaluateSyscall(int sysno) const {
           .Else(Error(EPERM));
  }
+  // https://crbug.com/766245
+  if (sysno == __NR_process_vm_readv) {
+    const Arg<pid_t> pid(0);
+    return If(pid == policy_pid(), Allow())
+           .Else(Error(EPERM));
+  }
  // https://crbug.com/655299
  if (sysno == __NR_clock_getres) {
    return RestrictClockID();