projectceladon · ceiba1985 · Jun 17, 2022
diff --git a/aosp_diff/caas_cfc/frameworks/base/0011-Don-t-install-seccomp-filter.patch b/aosp_diff/caas_cfc/frameworks/base/0011-Don-t-install-seccomp-filter.patch
@@ -0,0 +1,35 @@
+From cfdd1a053f07f6644b6cd61325b71b3d1fa911a4 Mon Sep 17 00:00:00 2001
+From: jizhenlo <[email protected]>
+Date: Sat, 18 Jun 2022 00:01:28 +0800
+Subject: [PATCH] Don't install seccomp filter
+
+Signed-off-by: jizhenlo <[email protected]>
+---
+ core/jni/com_android_internal_os_Zygote.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
+index 9eede83e21e5..b6246e2d7bae 100644
+--- a/core/jni/com_android_internal_os_Zygote.cpp
++++ b/core/jni/com_android_internal_os_Zygote.cpp
+@@ -127,7 +127,7 @@ static jclass gZygoteClass;
+ static jmethodID gCallPostForkSystemServerHooks;
+ static jmethodID gCallPostForkChildHooks;
+
+-static bool gIsSecurityEnforced = true;
++static bool gIsSecurityEnforced = false;
+
+ /**
+  * True if the app process is running in its mount namespace.
+@@ -2282,7 +2282,7 @@ static void com_android_internal_os_Zygote_nativeInitNativeState(JNIEnv* env, jc
+
+   // security_getenforce is not allowed on app process. Initialize and cache
+   // the value before zygote forks.
+-  gIsSecurityEnforced = security_getenforce();
++  gIsSecurityEnforced = false;
+
+   selinux_android_seapp_context_init();
+
+-- 
+2.25.1
+