commit 634fb404d3e4a92c2ef669a3b14b234c7968cdfd
author Victor Hsieh <victorhsieh@google.com> Tue Mar 27 15:02:38 2018 -0700
committer Victor Hsieh <victorhsieh@google.com> Thu Mar 29 13:42:07 2018 -0700
tree cf58295645d9bd27a37ccb4344399ff0c8411437
parent 925a04b775d6b39b9beaf0ba67b4e9fca7fb7f17

Fix seccomp filter set up in zygote

This needs to land with extra syscalls whitelisted, including capset and
setresuid.  These privileged syscalls are used in the setup after the
filter is initialized.

Test: system starts, different apps run
Bug: 63944145
Bug: 76461821
Change-Id: I49e6b292805f35baffb3530461c8741e75aceb32
Merged-In: I49e6b292805f35baffb3530461c8741e75aceb32