New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 641147 link

Starred by 2 users
Status: Verified
Owner:
charliemooney@chromium.org
Last visit > 30 days ago
Closed: Sep 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

rmi4update should run in minijail

Reported by charliemooney@chromium.org, Aug 25 2016 
After working on the Wacom touchpad updater scripts it seems like we should run Synaptic's updater (rmi4updater) through minijail to limit which syscalls it can use as well
Project Member

Comment 1 by bugdroid1@chromium.org, Sep 12 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/touch_updater/+/28c19c464ae075a4d701f99606ffdf809b5036f5

commit 28c19c464ae075a4d701f99606ffdf809b5036f5
Author: Charlie Mooney <charliemooney@chromium.org>
Date: Thu Aug 25 22:28:37 2016

Add minijail seccomp policies for rmi4update

We've worked up seccomp policies for the wacom updater here, so
this patch adds minijail to the calls to the synaptics touch FW
updater, rmi4update.  This CL adds in policies for use in the two
situations rmi4update is called: to query the active FW on the
touch controller, and to issue a FW update.  The FW updating
scripts are also modified to invoke the updater utility through
minijail only.  The policies were generated on a Lulu, by using
strace's output on similar uses.

BUG= chromium:641147 
TEST=manually tested on a Lulu

Change-Id: I978ba3c13cbb3b8a85990f5e3c39cc4c56bab143
Signed-off-by: Charlie Mooney <charliemooney@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/376160
Reviewed-by: Andrew de los Reyes <adlr@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[add] https://crrev.com/28c19c464ae075a4d701f99606ffdf809b5036f5/policies/rmi4update.update.policy
[modify] https://crrev.com/28c19c464ae075a4d701f99606ffdf809b5036f5/scripts/chromeos-synaptics-touch-firmware-update.sh
[add] https://crrev.com/28c19c464ae075a4d701f99606ffdf809b5036f5/policies/rmi4update.query.policy

Comment 2 by charliemooney@chromium.org, Sep 12 2016

Status: Fixed (was: Started)

Comment 3 by dchan@chromium.org, Oct 7 2016

Labels: VerifyIn-55

Comment 4 by dchan@google.com, Nov 19 2016

Labels: VerifyIn-56

Comment 5 by dchan@google.com, Jan 21 2017

Labels: VerifyIn-57

Comment 6 by dchan@google.com, Mar 4 2017

Labels: VerifyIn-58

Comment 7 by dchan@google.com, Apr 17 2017

Labels: VerifyIn-59

Comment 8 by dchan@google.com, May 30 2017

Labels: VerifyIn-60

Comment 9 by kathrelk...@chromium.org, Jul 7 2017

Status: Verified (was: Fixed)

Sign in to add a comment