New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 887955 link

Starred by 0 users
Status: Fixed
Owner:
shik@chromium.org
Closed: Sep 27
Cc:
jcliang@chromium.org
shenghao@chromium.org
henryhsu@chromium.org
wuchengli@chromium.org
hywu@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

arc camera init scripts: stop using -L

Project Member Reported by vapier@chromium.org, Sep 21 
we don't want -L in shipping minijail configs because it whitelists a number of extra syscalls that normally shouldn't have to.  please drop them from the init scripts.

crash reports should include enough info to figure out what syscall was missing from the filter.

common/init/cros-camera-algo.conf
hal_adapter/init/cros-camera.conf

Comment 1 by wuchengli@google.com, Sep 21

Owner: shik@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 2 by shik@chromium.org, Sep 25

Status: Started (was: Assigned)

Comment 4 by shik@chromium.org, Sep 27

Status: Fixed (was: Started)
Project Member

Comment 6 by bugdroid1@chromium.org, Oct 10 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/arc-camera/+/a50c1ab155d6fe81a79d92c8a8f56acaba677d4a

commit a50c1ab155d6fe81a79d92c8a8f56acaba677d4a
Author: Shik Chen <shik@chromium.org>
Date: Wed Oct 10 16:45:05 2018

hal_adapter: restrict the usage of socket syscall

PF_NETLINK gives us access to several other kernel interfaces that we
don't need. Restrict the 3rd parameter to NETLINK_KOBJECT_UEVENT for the
PF_NETLINK case.

BUG= chromium:887955 
TEST=Take a photo by CCA on nautilus.

Change-Id: If3d548c888fcd658626e4dd2f110b562b67d40f7
Reviewed-on: https://chromium-review.googlesource.com/1270556
Commit-Ready: Shik Chen <shik@chromium.org>
Tested-by: Shik Chen <shik@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Ricky Liang <jcliang@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/a50c1ab155d6fe81a79d92c8a8f56acaba677d4a/hal_adapter/seccomp_filter/cros-camera-arm.policy
[modify] https://crrev.com/a50c1ab155d6fe81a79d92c8a8f56acaba677d4a/hal_adapter/seccomp_filter/cros-camera-amd64.policy

Sign in to add a comment