From ec6d1ca57512adbfeb50c5463f7782dd3e4cfdb0 Mon Sep 17 00:00:00 2001
From: bengris32 <bengris32@protonmail.ch>
Date: Thu, 15 Sep 2022 19:28:19 +0100
Subject: [PATCH] rosemary: Import seccomp policy from stock

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I6da59a29080180f7dbf8789363028cefe45dedaa
---
 configs/seccomp/mediacodec.policy     | 22 ++++++++++++++++++++++
 configs/seccomp/mediaextractor.policy |  8 ++++++++
 configs/seccomp/mediaswcodec.policy   |  2 ++
 device.mk                             |  5 +++++
 4 files changed, 37 insertions(+)
 create mode 100644 configs/seccomp/mediacodec.policy
 create mode 100644 configs/seccomp/mediaextractor.policy
 create mode 100644 configs/seccomp/mediaswcodec.policy

diff --git a/configs/seccomp/mediacodec.policy b/configs/seccomp/mediacodec.policy
new file mode 100644
index 0000000..24f60ef
--- /dev/null
+++ b/configs/seccomp/mediacodec.policy
@@ -0,0 +1,22 @@
+#Mediatek used system call
+getpid: 1
+gettid: 1
+sendto: 1
+pselect6: 1
+sched_getparam: 1
+sched_getscheduler: 1
+mlock: 1
+munlock: 1
+recvfrom: 1
+sched_getaffinity: 1
+sched_setaffinity: 1
+sched_getaffinity: 1
+flock: 1
+fchownat: 1
+fchmodat: 1
+fsync: 1
+sysinfo: 1
+setsockopt: 1
+setrlimit: 1
+eventfd2: 1
+unlinkat: 1
diff --git a/configs/seccomp/mediaextractor.policy b/configs/seccomp/mediaextractor.policy
new file mode 100644
index 0000000..3564ac9
--- /dev/null
+++ b/configs/seccomp/mediaextractor.policy
@@ -0,0 +1,8 @@
+# MediaTek used system call
+gettimeofday: 1
+# for audio TableOfContent thread
+ioprio_set: 1
+unlinkat: 1
+setsockopt: 1
+clock_gettime: 1
+setrlimit: 1
diff --git a/configs/seccomp/mediaswcodec.policy b/configs/seccomp/mediaswcodec.policy
new file mode 100644
index 0000000..faaac02
--- /dev/null
+++ b/configs/seccomp/mediaswcodec.policy
@@ -0,0 +1,2 @@
+#Mediatek used system call
+clock_nanosleep: 1
diff --git a/device.mk b/device.mk
index c5a3f5e..fd51d81 100644
--- a/device.mk
+++ b/device.mk
@@ -188,6 +188,11 @@ PRODUCT_COPY_FILES += \
     frameworks/av/media/libstagefright/data/media_codecs_google_video_le.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_google_video_le.xml \
     frameworks/av/media/libstagefright/data/media_codecs_sw.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_c2.xml
 
+PRODUCT_COPY_FILES += \
+    $(LOCAL_PATH)/configs/seccomp/mediacodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediacodec.policy \
+    $(LOCAL_PATH)/configs/seccomp/mediaextractor.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaextractor.policy \
+    $(LOCAL_PATH)/configs/seccomp/mediaswcodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaswcodec.policy
+
 # Overlays
 DEVICE_PACKAGE_OVERLAYS += \
     $(LOCAL_PATH)/overlay