/external/minijail/tools/ |
D | README.md | 5 This script lets you build a Minijail seccomp-bpf filter from strace output. 13 to `execve(2)` might not be needed, since the seccomp-bpf filter is installed 25 An external seccomp-bpf compiler that is documented [here][1]. This uses a 27 be provided to `minijail0`'s `--seccomp-bpf-binary` or `libminijail`'s 38 [libseccomp](https://github.com/seccomp/libseccomp)'s `tools/scmp_bpf_disasm`. 46 cat > test/seccomp.policy <<EOF 54 ./tools/compile_seccomp_policy.py test/seccomp.policy test/seccomp.bpf 57 ./minijail0 --seccomp-bpf-binary=test/seccomp.bpf -- <program>
|
/external/linux-kselftest/android/patches/ |
D | 0009-seccomp-disable-tests-broken-on-kernels-4.8.patch | 4 Subject: [PATCH] seccomp: disable tests broken on kernels < 4.8 14 tools/testing/selftests/seccomp/seccomp_bpf.c | 6 ++++++ 17 diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccom… 19 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c 20 +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
|
D | 0010-seccomp-detect-compat-mode-in-ARM64.patch | 4 Subject: [PATCH] seccomp: detect compat mode in ARM64 13 tools/testing/selftests/seccomp/seccomp_bpf.c | 5 +++-- 16 diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccom… 18 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c 19 +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
|
D | 0017-seccomp_bpf.patch | 1 Disable further incompatible seccomp subtests. 5 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c 6 +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c
|
/external/autotest/client/site_tests/security_SeccompSyscallFilters/ |
D | control | 9 Runs tests to verify that seccomp calls make correct changes with 12 PURPOSE = "To verify that seccomp is correctly changing permissions" 13 CRITERIA = "Permissions are changed to expected values after seccomp calls"
|
/external/minijail/ |
D | minijail0_cli.c | 629 int seccomp = -1; in parse_args() local 683 if (seccomp != -1 && seccomp != 1) { in parse_args() 689 seccomp = 1; in parse_args() 693 if (seccomp != -1 && seccomp != 2) { in parse_args() 699 seccomp = 2; in parse_args() 896 if (seccomp != -1 && seccomp != 3) { in parse_args() 902 seccomp = 3; in parse_args()
|
/external/autotest/client/site_tests/security_SeccompSyscallFilters/src/ |
D | seccomp_bpf_tests.c | 928 #ifndef seccomp 929 int seccomp(unsigned int op, unsigned int flags, struct sock_fprog *filter) in seccomp() function 955 ret = seccomp(-1, 0, &prog); 961 ret = seccomp(SECCOMP_SET_MODE_STRICT, -1, NULL); 965 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, &prog); 971 ret = seccomp(SECCOMP_SET_MODE_FILTER, -1, &prog); 975 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, NULL); 980 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog); 1000 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog); 1011 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, NULL); [all …]
|
/external/linux-kselftest/tools/testing/selftests/seccomp/ |
D | seccomp_bpf.c | 217 #ifndef seccomp 218 int seccomp(unsigned int op, unsigned int flags, void *args) in seccomp() function 729 ASSERT_EQ(0, seccomp(SECCOMP_SET_MODE_FILTER, 0, in kill_thread_or_group() 736 ASSERT_EQ(0, seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog_thread)); in kill_thread_or_group() 2127 ret = seccomp(-1, 0, &prog); in TEST() 2136 ret = seccomp(SECCOMP_SET_MODE_STRICT, -1, NULL); in TEST() 2140 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, &prog); in TEST() 2146 ret = seccomp(SECCOMP_SET_MODE_FILTER, -1, &prog); in TEST() 2150 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, NULL); in TEST() 2155 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog); in TEST() [all …]
|
/external/seccomp-tests/ |
D | README.google | 2 …ttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/seccomp 4 Description: Mirror of Linux kernel seccomp test suite, run in CTS.
|
/external/strace/tests-mx32/ |
D | Makefile.am | 148 prctl-seccomp-filter-v \ 149 prctl-seccomp-strict \ 167 seccomp-filter-v \ 168 seccomp-strict \ 279 prctl-seccomp-filter-v.test \ 280 prctl-seccomp-strict.test \ 293 seccomp-strict.test \
|
D | seccomp_get_action_avail.gen.test | 4 run_strace_match_diff -e trace=seccomp
|
D | seccomp-filter-v.gen.test | 4 run_strace_match_diff -v -e trace=seccomp
|
D | seccomp-filter.gen.test | 4 run_strace_match_diff -e trace=seccomp
|
/external/strace/tests-m32/ |
D | Makefile.am | 148 prctl-seccomp-filter-v \ 149 prctl-seccomp-strict \ 167 seccomp-filter-v \ 168 seccomp-strict \ 279 prctl-seccomp-filter-v.test \ 280 prctl-seccomp-strict.test \ 293 seccomp-strict.test \
|
D | seccomp-filter.gen.test | 4 run_strace_match_diff -e trace=seccomp
|
D | seccomp-filter-v.gen.test | 4 run_strace_match_diff -v -e trace=seccomp
|
D | seccomp_get_action_avail.gen.test | 4 run_strace_match_diff -e trace=seccomp
|
/external/strace/tests/ |
D | Makefile.am | 148 prctl-seccomp-filter-v \ 149 prctl-seccomp-strict \ 167 seccomp-filter-v \ 168 seccomp-strict \ 279 prctl-seccomp-filter-v.test \ 280 prctl-seccomp-strict.test \ 293 seccomp-strict.test \
|
D | seccomp-filter.gen.test | 4 run_strace_match_diff -e trace=seccomp
|
D | seccomp-filter-v.gen.test | 4 run_strace_match_diff -v -e trace=seccomp
|
D | seccomp_get_action_avail.gen.test | 4 run_strace_match_diff -e trace=seccomp
|
/external/seccomp-tests/linux/ |
D | seccomp_bpf.c | 1504 #ifndef seccomp 1505 int seccomp(unsigned int op, unsigned int flags, struct sock_fprog *filter) in seccomp() function 1529 ret = seccomp(-1, 0, &prog); in TEST() 1538 ret = seccomp(SECCOMP_SET_MODE_STRICT, -1, NULL); in TEST() 1542 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, &prog); in TEST() 1548 ret = seccomp(SECCOMP_SET_MODE_FILTER, -1, &prog); in TEST() 1552 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, NULL); in TEST() 1557 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog); in TEST() 1580 ret = seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog); in TEST() 1594 ret = seccomp(SECCOMP_SET_MODE_STRICT, 0, NULL); in TEST() [all …]
|
/external/crosvm/ |
D | README.md | 79 appropriate minijail seccomp policy files must be present either in 81 `--seccomp-policy-dir` argument. The sandbox can be disabled for testing with 115 * `multiprocess` - Host Linux kernel with seccomp-bpf and Linux namespacing support. 187 The `seccomp` folder contains minijail seccomp policy files for each sandboxed 188 device. Because some syscalls vary by architecture, the seccomp policies are
|
/external/strace/ |
D | seccomp.c | 36 SYS_FUNC(seccomp) in SYS_FUNC() argument
|
/external/adhd/init/ |
D | cras.sh | 56 -S /usr/share/policy/cras-seccomp.policy \
|