CTS-on-gsi test, CtsSecurityHostTestCases--android.security.cts.ProcessMustUseSeccompTest#testMediaextractorHasSeccompFilter
--android.security.cts.ProcessMustUseSeccompTest#testOmxHalHasSeccompFilter
failed
[Android Version]:
Android8.1.0_r2
[CTS pachage version]
Suite / Plan VTS / cts-on-gsi
Suite / Build 8.1_R3 / 4632653
[device](Any device config may relate this failure)
spreadtrum's iSharkL2
size:1080*1920
[bugzilla bugid] 79158930
[CTS Test Pre–Condition]
1.Language set to EN;
2.Keyguard set to none;
3.Enable GPS, Wifi network, USB debugging, Stay awake, Allow mock locations.
4.CTS version is VTS / cts-on-gsi 8.1_R3
[CTS Test Step]:
1 ./vts-tradefed
2 run cts-on-gsi
[Expected Result ]:
This case will pass.
[Testing Result]:
case failed:
CtsSecurityHostTestCases
--android.security.cts.ProcessMustUseSeccompTest#testMediaextractorHasSeccompFilter
--android.security.cts.ProcessMustUseSeccompTest#testOmxHalHasSeccompFilter
[13. Analysis]:
junit.framework.AssertionFailedError: media.extractor must have a seccomp filter enabled. The "Seccomp" field of media.extractor's /proc/3292/status file should be set to "2"
at junit.framework.Assert.fail(Assert.java:57)
at junit.framework.Assert.assertTrue(Assert.java:22)
For iSharkL2 device, TARGET_ARCH=x86_64, but in the following Android.mk, there is no x86_64 option and mediaextractor-x86_64.policy, so mediaextractor.polily will not be generated in the $(TARGET_OUT)/etc/seccomp_policy.
Frameworks/av/services/mediaextractor/Android.mk:
# service seccomp filter
ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64 x86))
include $(CLEAR_VARS)
LOCAL_MODULE := mediaextractor.policy
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/seccomp_policy
LOCAL_SRC_FILES := seccomp_policy/mediaextractor-$(TARGET_ARCH).policy
include $(BUILD_PREBUILT)
endif
[Analysize]:
There is no mediaextractor-x86_64.policy file in the frameworks/av/services/mediaextractor/seccomp_policy/, so we can't write this mediaextractor-x86_64.policy
And mediaextractor-x86_64.policy is got based on the mediaextractor-x86.policy and added the differences between mediaextractor-arm.policy and mediaextractor-arm64.policy.
But there is a problem of the arrangement order of syscalls in mediaextractor-x86_64.policy, maybe it need Google engineer to refine it.
[Conclusion]:
1. Add a new mediaextractor-x86_x64.policy
2. Modify the Android.mk file below in the frameworks/av/services/mediaextractor/ seccomp_policy
3. Because current google AOSP don’t consider x86_64 arch for mediaextractor policy, and iSharkL2 device use x86_64 arch, so we need to support it in the frameworks/av/services/mediaextractor/ seccomp_policy/. We will request to waive for this.
[Patch Link]:
https://android-review.googlesource.com/c/platform/frameworks/av/+/676982
Change-Id: Icd14cc62d6a2b8989ae3e2a1650af3749198522f
2 files changed
