From 26877097997dbbb0be16617aa83f19741bcc52c6 Mon Sep 17 00:00:00 2001
From: Deokgyu Yang <secugyu@gmail.com>
Date: Wed, 12 May 2021 23:08:18 +0900
Subject: [PATCH] Add seccomp policy from T825N0KOU3CTD1

Signed-off-by: Deokgyu Yang <secugyu@gmail.com>
Change-Id: I278383fb136edbbc6bfe2743b1ba832c86b41ca3
---
 device.mk                 |  4 ++++
 seccomp/mediacodec.policy | 12 ++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 seccomp/mediacodec.policy

diff --git a/device.mk b/device.mk
index cf862a7..ba4b632 100755
--- a/device.mk
+++ b/device.mk
@@ -339,6 +339,10 @@ PRODUCT_PACKAGES += \
 PRODUCT_PACKAGES += \
     android.hardware.renderscript@1.0-impl
 
+# Seccomp policy
+PRODUCT_COPY_FILES += \
+    $(LOCAL_PATH)/seccomp/mediacodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediacodec.policy
+
 # RIL
 PRODUCT_PACKAGES += \
     android.hardware.radio@1.4 \
diff --git a/seccomp/mediacodec.policy b/seccomp/mediacodec.policy
new file mode 100644
index 0000000..81d042b
--- /dev/null
+++ b/seccomp/mediacodec.policy
@@ -0,0 +1,12 @@
+# device specific syscalls
+# extension of services/mediacodec/minijail/seccomp_policy/mediacodec-seccomp-arm.policy
+pselect6: 1
+eventfd2: 1
+sendto: 1
+recvfrom: 1
+_llseek: 1
+sysinfo: 1
+getcwd: 1
+getdents64: 1
+inotify_init1: 1
+inotify_add_watch: 1