Enable seccomp in init with generated policy

Test: Ran script to test performance - https://b.corp.google.com/issues/32313202#comment3 Saw no significant regression with this change on or off Removed chroot from SYSCALLS.TXT - chroot blocked Boot time appears reasonable Device boots with no SECCOMP blockings Measured per syscall time of 100ns Empirically counted <100,000 syscalls a second under heavy load Bug: 32313202 Change-Id: Icfcfbcb72b2de1b38f1ad6a82e8ece3bd1c9e7ec
author: Paul Lawrence <paullawrence@google.com> 2016-10-21 13:13:02 -0700
committer: Paul Lawrence <paullawrence@google.com> 2017-01-10 10:09:38 -0800
commit: db929bf9b740b3b7c02cf0acc07fee94406f3b3f (patch)
tree: 734e7e55da8c5aa667fd113c492fbcb8608f4793 /init/Android.mk
parent: d5583867c61867252d4a8d794704f9c2d40bbca8 (diff)
download: core-db929bf9b740b3b7c02cf0acc07fee94406f3b3f.tar.gz
core-db929bf9b740b3b7c02cf0acc07fee94406f3b3f.tar.bz2
core-db929bf9b740b3b7c02cf0acc07fee94406f3b3f.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/init/Android.mk b/init/Android.mk
index 111fe895f..212288006 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -70,6 +70,7 @@ LOCAL_SRC_FILES:= \
     init.cpp \
     keychords.cpp \
     property_service.cpp \
+    seccomp.cpp \
     signal_handler.cpp \
     ueventd.cpp \
     ueventd_parser.cpp \
@@ -96,6 +97,7 @@ LOCAL_STATIC_LIBRARIES := \
     libbase \
     libc \
     libselinux \
+    libseccomp_policy \
     liblog \
     libcrypto_utils \
     libcrypto \
author	Paul Lawrence <paullawrence@google.com>	2016-10-21 13:13:02 -0700
committer	Paul Lawrence <paullawrence@google.com>	2017-01-10 10:09:38 -0800
commit	db929bf9b740b3b7c02cf0acc07fee94406f3b3f (patch)
tree	734e7e55da8c5aa667fd113c492fbcb8608f4793 /init/Android.mk
parent	d5583867c61867252d4a8d794704f9c2d40bbca8 (diff)
download	core-db929bf9b740b3b7c02cf0acc07fee94406f3b3f.tar.gz core-db929bf9b740b3b7c02cf0acc07fee94406f3b3f.tar.bz2 core-db929bf9b740b3b7c02cf0acc07fee94406f3b3f.zip