From e4ddaa4f2f348eb0a87856ff88da205afcda781e Mon Sep 17 00:00:00 2001
From: Paul Lawrence <paullawrence@google.com>
Date: Fri, 27 Jan 2017 10:23:21 -0800
Subject: [PATCH] Allow failing app through seccomp policy

Bug: 34651972
Test: Made sure failing app went to login screen
Change-Id: I111a379f3e8283aa829d9ceb97f95b34bbee4055
---
 init/seccomp.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/init/seccomp.cpp b/init/seccomp.cpp
index 92f30e858..6c8521782 100644
--- a/init/seccomp.cpp
+++ b/init/seccomp.cpp
@@ -208,17 +208,21 @@ bool set_seccomp_filter() {
     AllowSyscall(f, 190); // __NR_vfork
 
     // Needed for strace
-    AllowSyscall(f, 238);  // __NR_tkill
+    AllowSyscall(f, 238); // __NR_tkill
 
     // Needed for kernel to restart syscalls
-    AllowSyscall(f, 0);  // __NR_restart_syscall
+    AllowSyscall(f, 0);   // __NR_restart_syscall
 
     // Needed for debugging 32-bit Chrome
-    AllowSyscall(f, 42); // __NR_pipe
+    AllowSyscall(f, 42);  // __NR_pipe
 
     // b/34732712
     AllowSyscall(f, 364); // __NR_perf_event_open
 
+    // b/34651972
+    AllowSyscall(f, 33);  // __NR_access
+    AllowSyscall(f, 195); // __NR_stat64
+
     // arm32-on-arm64 only filter - autogenerated from bionic syscall usage
     for (size_t i = 0; i < arm_filter_size; ++i)
         f.push_back(arm_filter[i]);