/
0014-remove-mremap-from-the-system-call-whitelist.patch
76 lines (73 loc) · 3.68 KB
/
0014-remove-mremap-from-the-system-call-whitelist.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
From 93c475f41b8170181bc7d89c537f79ae6973d465 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Fri, 18 Nov 2016 10:53:56 -0500
Subject: [PATCH 14/24] remove mremap from the system call whitelist
---
sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc | 1 -
services/service_manager/sandbox/linux/bpf_cdm_policy_linux.cc | 1 -
.../sandbox/linux/bpf_pdf_compositor_policy_linux.cc | 1 -
.../service_manager/sandbox/linux/bpf_renderer_policy_linux.cc | 1 -
.../service_manager/sandbox/linux/bpf_utility_policy_linux.cc | 1 -
5 files changed, 5 deletions(-)
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc
index ba2d363a2252..bdbb5d3ea841 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc
@@ -94,7 +94,6 @@ ResultExpr BaselinePolicyAndroid::EvaluateSyscall(int sysno) const {
case __NR_getdents64:
case __NR_getpriority:
case __NR_ioctl:
- case __NR_mremap:
#if defined(__i386__)
// Used on pre-N to initialize threads in ART.
case __NR_modify_ldt:
diff --git a/services/service_manager/sandbox/linux/bpf_cdm_policy_linux.cc b/services/service_manager/sandbox/linux/bpf_cdm_policy_linux.cc
index 9d39e5d5de43..d43b1a7cf369 100644
--- a/services/service_manager/sandbox/linux/bpf_cdm_policy_linux.cc
+++ b/services/service_manager/sandbox/linux/bpf_cdm_policy_linux.cc
@@ -39,7 +39,6 @@ ResultExpr CdmProcessPolicy::EvaluateSyscall(int sysno) const {
#if defined(__i386__) || defined(__arm__)
case __NR_ugetrlimit:
#endif
- case __NR_mremap: // https://crbug.com/546204
case __NR_pwrite64:
case __NR_sysinfo:
case __NR_times:
diff --git a/services/service_manager/sandbox/linux/bpf_pdf_compositor_policy_linux.cc b/services/service_manager/sandbox/linux/bpf_pdf_compositor_policy_linux.cc
index 21e126e39df9..48534ec91e3c 100644
--- a/services/service_manager/sandbox/linux/bpf_pdf_compositor_policy_linux.cc
+++ b/services/service_manager/sandbox/linux/bpf_pdf_compositor_policy_linux.cc
@@ -39,7 +39,6 @@ ResultExpr PdfCompositorProcessPolicy::EvaluateSyscall(int sysno) const {
#if defined(__i386__) || defined(__arm__)
case __NR_ugetrlimit:
#endif
- case __NR_mremap: // https://crbug.com/546204
case __NR_pwrite64:
case __NR_sysinfo:
case __NR_times:
diff --git a/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc b/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc
index 017f13cf7ba9..ff734d6e6d5b 100644
--- a/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc
+++ b/services/service_manager/sandbox/linux/bpf_renderer_policy_linux.cc
@@ -81,7 +81,6 @@ ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const {
#if defined(__i386__) || defined(__arm__)
case __NR_ugetrlimit:
#endif
- case __NR_mremap: // See crbug.com/149834.
case __NR_pwrite64:
case __NR_sched_get_priority_max:
case __NR_sched_get_priority_min:
diff --git a/services/service_manager/sandbox/linux/bpf_utility_policy_linux.cc b/services/service_manager/sandbox/linux/bpf_utility_policy_linux.cc
index c7f9009c4315..b4ae692fdd71 100644
--- a/services/service_manager/sandbox/linux/bpf_utility_policy_linux.cc
+++ b/services/service_manager/sandbox/linux/bpf_utility_policy_linux.cc
@@ -37,7 +37,6 @@ ResultExpr UtilityProcessPolicy::EvaluateSyscall(int sysno) const {
#if defined(__i386__) || defined(__arm__)
case __NR_ugetrlimit:
#endif
- case __NR_mremap: // https://crbug.com/546204
case __NR_pwrite64:
case __NR_sysinfo:
case __NR_times:
--
2.23.0