1 // Copyright (C) 2019 The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include "prefetcher/minijail.h"
16 
17 #include <android-base/logging.h>
18 #include <libminijail.h>
19 
20 namespace iorap::prefetcher {
21 
22 static const char kSeccompFilePath[] = "/system/etc/seccomp_policy/iorap.prefetcherd.policy";
23 
MiniJail()24 bool MiniJail() {
25   /* no seccomp policy for this architecture */
26   if (access(kSeccompFilePath, R_OK) == -1) {
27       LOG(WARNING) << "No seccomp filter defined for this architecture.";
28       return true;
29   }
30 
31   struct minijail* jail = minijail_new();
32   if (jail == NULL) {
33       LOG(WARNING) << "Failed to create minijail.";
34       return false;
35   }
36 
37   minijail_no_new_privs(jail);
38   minijail_log_seccomp_filter_failures(jail);
39   minijail_use_seccomp_filter(jail);
40   minijail_parse_seccomp_filters(jail, kSeccompFilePath);
41   minijail_enter(jail);
42   minijail_destroy(jail);
43 
44   LOG(DEBUG) << "minijail installed.";
45 
46   return true;
47 }
48 
49 }
50