1 //
2 // Copyright (C) 2017 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #include <android-base/logging.h>
18 #include <libminijail.h>
19 
20 #include <hwminijail/HardwareMinijail.h>
21 
22 namespace android {
23 namespace hardware {
24 
SetupMinijail(const std::string & seccomp_policy_path)25 void SetupMinijail(const std::string& seccomp_policy_path) {
26     if (access(seccomp_policy_path.c_str(), R_OK) == -1) {
27         LOG(WARNING) << "Could not find seccomp policy file at: " << seccomp_policy_path;
28         return;
29     }
30 
31     struct minijail* jail = minijail_new();
32     if (jail == nullptr) {
33         LOG(FATAL) << "Failed to create minijail.";
34     }
35 
36     minijail_no_new_privs(jail);
37     minijail_log_seccomp_filter_failures(jail);
38     minijail_use_seccomp_filter(jail);
39     minijail_parse_seccomp_filters(jail, seccomp_policy_path.c_str());
40     minijail_enter(jail);
41     minijail_destroy(jail);
42 }
43 
44 }  // namespace hardware
45 }  // namespace android
46