rosemary: Import seccomp policy from stock

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I6da59a29080180f7dbf8789363028cefe45dedaa

configs/seccomp/mediacodec.policy

@@ -0,0 +1,22 @@
+#Mediatek used system call
+getpid: 1
+gettid: 1
+sendto: 1
+pselect6: 1
+sched_getparam: 1
+sched_getscheduler: 1
+mlock: 1
+munlock: 1
+recvfrom: 1
+sched_getaffinity: 1
+sched_setaffinity: 1
+sched_getaffinity: 1
+flock: 1
+fchownat: 1
+fchmodat: 1
+fsync: 1
+sysinfo: 1
+setsockopt: 1
+setrlimit: 1
+eventfd2: 1
+unlinkat: 1

configs/seccomp/mediaextractor.policy

@@ -0,0 +1,8 @@
+# MediaTek used system call
+gettimeofday: 1
+# for audio TableOfContent thread
+ioprio_set: 1
+unlinkat: 1
+setsockopt: 1
+clock_gettime: 1
+setrlimit: 1

configs/seccomp/mediaswcodec.policy

@@ -0,0 +1,2 @@
+#Mediatek used system call
+clock_nanosleep: 1

device.mk

@@ -188,6 +188,11 @@ PRODUCT_COPY_FILES += \
     frameworks/av/media/libstagefright/data/media_codecs_google_video_le.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_google_video_le.xml \
     frameworks/av/media/libstagefright/data/media_codecs_sw.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_c2.xml
 
+PRODUCT_COPY_FILES += \
+    $(LOCAL_PATH)/configs/seccomp/mediacodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediacodec.policy \
+    $(LOCAL_PATH)/configs/seccomp/mediaextractor.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaextractor.policy \
+    $(LOCAL_PATH)/configs/seccomp/mediaswcodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaswcodec.policy
+
 # Overlays
 DEVICE_PACKAGE_OVERLAYS += \
     $(LOCAL_PATH)/overlay