1 // 2 // Copyright (C) 2017 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include <android-base/logging.h> 18 #include <libminijail.h> 19 20 #include <hwminijail/HardwareMinijail.h> 21 22 namespace android { 23 namespace hardware { 24 25 void SetupMinijail(const std::string& seccomp_policy_path) { 26 if (access(seccomp_policy_path.c_str(), R_OK) == -1) { 27 LOG(WARNING) << "Could not find seccomp policy file at: " << seccomp_policy_path; 28 return; 29 } 30 31 struct minijail* jail = minijail_new(); 32 if (jail == NULL) { 33 LOG(FATAL) << "Failed to create minijail."; 34 } 35 36 minijail_no_new_privs(jail); 37 minijail_log_seccomp_filter_failures(jail); 38 minijail_use_seccomp_filter(jail); 39 minijail_parse_seccomp_filters(jail, seccomp_policy_path.c_str()); 40 minijail_enter(jail); 41 minijail_destroy(jail); 42 } 43 44 } // namespace hardware 45 } // namespace android 46
