PKGBUILDs/extra/chromium/0002-Linux-Sandbox-whitelist-arm64-syscalls.patch

From fd390d689c538c2d315430fecde8e65863984b2d Mon Sep 17 00:00:00 2001
From: "riku.voipio" <riku.voipio@linaro.org>
Date: Tue, 1 Mar 2016 08:02:43 -0800
Subject: [PATCH 2/2] Linux Sandbox: whitelist arm64 syscalls

On debian/arm64, two syscalls needed whitelisting for chromium to work with seccomp:

epoll_pwait, replacing epoll_wait which is a legacy syscall not available on arm64. epoll_wait implmentation in glibc calls epoll_pwait behind scenes, so this needs to be enabled.

getrlimit, missing #ifdef for arm64 in several policy definitions. test for arm64 added for each case.

BUG=581018
R=keescook@chromium.org,jln@chromium.org,rsesek@chromium.org
TEST=Start chrome on arm64 with seccomp enabled kernel

Review URL: https://codereview.chromium.org/1613883002

Cr-Commit-Position: refs/heads/master@{#378440}
---
 services/shell/runner/host/linux_sandbox.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/services/shell/runner/host/linux_sandbox.cc b/services/shell/runner/host/linux_sandbox.cc
index 24461a5..33822bd 100644
--- a/services/shell/runner/host/linux_sandbox.cc
+++ b/services/shell/runner/host/linux_sandbox.cc
@@ -38,12 +38,14 @@ intptr_t SandboxSIGSYSHandler(const struct sandbox::arch_seccomp_data& args,
   const sandbox::syscall_broker::BrokerProcess* broker_process =
       static_cast<const sandbox::syscall_broker::BrokerProcess*>(aux);
   switch (args.nr) {
+#if !defined(__aarch64__)
     case __NR_access:
       return broker_process->Access(reinterpret_cast<const char*>(args.args[0]),
                                     static_cast<int>(args.args[1]));
     case __NR_open:
       return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),
                                   static_cast<int>(args.args[1]));
+#endif
     case __NR_faccessat:
       if (static_cast<int>(args.args[0]) == AT_FDCWD) {
         return broker_process->Access(
-- 
2.9.0