| Index: content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
|
| diff --git a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
|
| index 8ce5f868da45a221243a472b74622ed65bad3faa..c831390cb96828a0366d4f53f5db4abe2323dd69 100644
|
| --- a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
|
| +++ b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
|
| @@ -27,6 +27,11 @@ ResultExpr SandboxBPFBasePolicyAndroid::EvaluateSyscall(int sysno) const {
|
| case __NR_clone:
|
| case __NR_epoll_pwait:
|
| case __NR_flock:
|
| +#if defined(__x86_64__) || defined(__aarch64__)
|
| + case __NR_newfstatat:
|
| +#elif defined(__i386__) || defined(__arm__) || defined(__mips__)
|
| + case __NR_fstatat64:
|
| +#endif
|
| case __NR_getpriority:
|
| case __NR_ioctl:
|
| case __NR_mremap:
|
| @@ -35,13 +40,14 @@ ResultExpr SandboxBPFBasePolicyAndroid::EvaluateSyscall(int sysno) const {
|
| // access. It may be possible to restrict the filesystem with SELinux.
|
| // Currently we rely on the app/service UID isolation to create a
|
| // filesystem "sandbox".
|
| -#if !ARCH_CPU_ARM64
|
| +#if !defined(ARCH_CPU_ARM64)
|
| case __NR_open:
|
| #endif
|
| case __NR_openat:
|
| case __NR_pread64:
|
| case __NR_rt_sigtimedwait:
|
| case __NR_setpriority:
|
| + case __NR_set_tid_address:
|
| case __NR_sigaltstack:
|
| #if defined(__i386__) || defined(__arm__)
|
| case __NR_ugetrlimit:
|
|
|