author: Steve Muckle <smuckle@google.com> 2017-07-20 13:11:54 -0700
committer: Steve Muckle <smuckle@google.com> 2017-07-21 20:30:21 -0700
commit: aa3f96c9c429fa6270d86fbd6485e3b12d7d9aa6 (patch)
tree: 0c8221de1a0114d281bef45912f35dee6f6c3db3 /libc/SECCOMP_WHITELIST_GLOBAL.TXT
parent: b8ce93974a675029c2c8360adf18bc67740658e1 (diff)
Create global seccomp policy.

Enabling seccomp across all processes, rather than just zygote, is useful for auditing the syscall usage of AOSP. Create a global seccomp policy that can optionally be enabled by init.

Bug: 37960259
Test: confirm global seccomp by removing finit_module from policy and observing modprobe fail, confirm regular seccomp unchanged by comparing length of installed bpf
Change-Id: Iac53a42fa26a80b05126f262dd9525f4f66df558
Diffstat (limited to 'libc/SECCOMP_WHITELIST_GLOBAL.TXT')
-rw-r--r-- libc/SECCOMP_WHITELIST_GLOBAL.TXT 18
1 files changed, 18 insertions, 0 deletions
diff --git a/libc/SECCOMP_WHITELIST_GLOBAL.TXT b/libc/SECCOMP_WHITELIST_GLOBAL.TXT
new file mode 100644
index 000000000..f3e5a98a3
--- /dev/null
+++ b/libc/SECCOMP_WHITELIST_GLOBAL.TXT
@@ -0,0 +1,18 @@
+# This file is used to populate seccomp's global whitelist policy in
+# combination with SYSCALLS.TXT, SECCOMP_BLACKLIST.TXT and
+# SECCOMP_WHITELIST.TXT. Unlike the policy used in normal operation this
+# policy is applied globally during the early stage of init, if global seccomp
+# is enabled.
+#
+# See the description at the top of SYSCALLS.TXT for an explanation of the
+# format of the entries in this file.
+#
+# This file is processed by a python script named genseccomp.py.
+
+# syscalls needed to boot android
+int swapon(const char*, int) all
+long keyctl(int, ...) all
+key_serial_t add_key(const char*, const char*, const void*, size_t, key_serial_t) all
+
+# b/62715671
+int finit_module(int, const char*, int) all
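Review bot: the last entry, `int finit_module(int, const char*, int) all`, is justified only by a bug id (`# b/62715671`), so a reader of this whitelist cannot tell from the file itself why kernel module loading has to stay reachable once the global filter is installed; the first group explains itself with `# syscalls needed to boot android`, and this one should carry an equally short reason beside the bug reference (the commit message's own test, modprobe failing when the entry is removed, suggests the wording). Because the header comment says this policy is applied globally during early init, every entry here widens the syscall surface of every process on the device, so each one should state what depends on it; a one-line comment per entry also makes later audits of this file, which the commit message names as the purpose of global seccomp, far easier.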