1 /* 2 ** 3 ** Copyright 2015, The Android Open Source Project 4 ** 5 ** Licensed under the Apache License, Version 2.0 (the "License"); 6 ** you may not use this file except in compliance with the License. 7 ** You may obtain a copy of the License at 8 ** 9 ** http://www.apache.org/licenses/LICENSE-2.0 10 ** 11 ** Unless required by applicable law or agreed to in writing, software 12 ** distributed under the License is distributed on an "AS IS" BASIS, 13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 ** See the License for the specific language governing permissions and 15 ** limitations under the License. 16 */ 17 18 #include <cutils/log.h> 19 #include <libminijail.h> 20 21 #include "minijail.h" 22 23 namespace android { 24 25 /* Must match location in Android.mk */ 26 static const char kSeccompFilePath[] = "/system/etc/seccomp_policy/mediaextractor-seccomp.policy"; 27 28 int MiniJail() 29 { 30 /* no seccomp policy for this architecture */ 31 if (access(kSeccompFilePath, R_OK) == -1) { 32 ALOGW("No seccomp filter defined for this architecture."); 33 return 0; 34 } 35 36 struct minijail *jail = minijail_new(); 37 if (jail == NULL) { 38 ALOGW("Failed to create minijail."); 39 return -1; 40 } 41 42 minijail_no_new_privs(jail); 43 minijail_log_seccomp_filter_failures(jail); 44 minijail_use_seccomp_filter(jail); 45 minijail_parse_seccomp_filters(jail, kSeccompFilePath); 46 minijail_enter(jail); 47 minijail_destroy(jail); 48 return 0; 49 } 50 } 51
