From ae3f906093ae300660b87bc905b6a3fd3759512a Mon Sep 17 00:00:00 2001
From: Paul Lawrence
Date: Mon, 30 Jan 2017 15:43:53 -0800
Subject: [PATCH] Expand seccomp whitelist

Bug: 34813887
Bug: 34809883
Bug: 34767389
Bug: 34719286
Test: Device boots, the app in b/34719286 runs when it didn't before
Change-Id: Iad198e3ca620e7a07464b0d182f969bb807bd948
---
 init/seccomp.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/init/seccomp.cpp b/init/seccomp.cpp
index d632302ec..2ba6384c1 100644
--- a/init/seccomp.cpp
+++ b/init/seccomp.cpp
@@ -213,6 +213,14 @@ bool set_seccomp_filter() {
 // Needed for kernel to restart syscalls
 AllowSyscall(f, 0); // __NR_restart_syscall
 
+ // b/34813887
+ AllowSyscall(f, 5); // __NR_open
+ AllowSyscall(f, 141); // __NR_getdents
+ AllowSyscall(f, 217); // __NR_getdents64
+
+ // b/34719286
+ AllowSyscall(f, 351); // __NR_eventfd
+
 // arm32-on-arm64 only filter - autogenerated from bionic syscall usage
 for (size_t i = 0; i < arm_filter_size; ++i)
 f.push_back(arm_filter[i]);
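Review bot: The four added `AllowSyscall` entries pass bare numbers whose meaning depends on the ABI, and nothing in the hunk records which syscall table they index. 5, 141, 217 and 351 match the 32-bit ARM EABI numbers for the names in the trailing comments, so they are right only if this part of the filter is evaluated for arm32 tasks; that cannot be confirmed here because `set_seccomp_filter()` begins and ends outside the hunk. I would put a line such as `// arm32 EABI syscall numbers, hand-added on top of the generated bionic list` above the group, and have each entry say which caller needs the legacy call, since every addition widens the kernel surface reachable from filtered processes. The commit message lists four bugs but the code comments cite only b/34813887 and b/34719286, so it is unclear which entries cover 34809883 and 34767389; tying each syscall to its bug is what makes it possible to prune the allowlist later.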