From 2e71ceb0f4622c1f365e8dd55d7af4eda3a39c06 Mon Sep 17 00:00:00 2001
From: Alex Shlyapnikov <alekseys@google.com>
Date: Wed, 1 Feb 2017 18:03:08 -0800
Subject: [PATCH] Expand seccomp whitelist

Add syscalls required by sanitizers.

Bug: 34606909
Test: Make sure Android boots when built with SANITIZE_TARGET='address'
Change-Id: Ifa223fb663a4ff43c8b8df9b7bf9452e41079e2e
---
 init/seccomp.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/init/seccomp.cpp b/init/seccomp.cpp
index b0688f37b..608c4e70f 100644
--- a/init/seccomp.cpp
+++ b/init/seccomp.cpp
@@ -234,6 +234,11 @@ bool set_seccomp_filter() {
     // b/34817266
     AllowSyscall(f, 252); // __NR_epoll_wait
 
+    // Needed by sanitizers (b/34606909)
+    // 5 (__NR_open) and 195 (__NR_stat64) are also required, but they are
+    // already allowed.
+    AllowSyscall(f, 85);  // __NR_readlink
+
     // arm32-on-arm64 only filter - autogenerated from bionic syscall usage
     for (size_t i = 0; i < arm_filter_size; ++i)
         f.push_back(arm_filter[i]);