Add minijail seccomp policies for rmi4update

We've worked up seccomp policies for the Wacom updater here, so
this patch adds minijail to the calls to the Synaptics touch FW
updater, rmi4update.  This CL adds in policies for use in the two
situations rmi4update is called: to query the active FW on the
touch controller, and to issue a FW update.  The FW updating
scripts are also modified to invoke the updater utility through
minijail only.  The policies were generated on a Lulu, by using
strace's output on similar uses.

BUG=chromium:641147
TEST=manually tested on a Lulu

Change-Id: I978ba3c13cbb3b8a85990f5e3c39cc4c56bab143
Signed-off-by: Charlie Mooney <charliemooney@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/376160
Reviewed-by: Andrew de los Reyes <adlr@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
3 files changed
tree: beeac2860d617a55cca573db65c49d47e0943a6c
  1. policies/
  2. scripts/
  3. LICENSE
  4. OWNERS
  5. README
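
The commit message above says the policies were generated from strace output. The following added example, which is not code from this commit or from the Chromium OS tree, sketches that step: it pulls syscall names out of a strace log and emits them in minijail's `syscall: 1` policy format. The sample trace and the baseline syscall list are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of `strace -f` output; not captured from rmi4update.
SAMPLE_STRACE = """\
execve("/usr/sbin/example-updater", ["example-updater"], 0x7ffd0 /* 12 vars */) = 0
brk(NULL) = 0x55d0c8a3b000
openat(AT_FDCWD, "/dev/hidraw0", O_RDWR) = 3
[pid  4321] ioctl(3, HIDIOCGRAWINFO, 0x7ffc2b1a9e40) = 0
[pid  4321] write(3, "\\x09\\x01", 2 <unfinished ...>
[pid  4320] read(4, "", 4096) = 0
[pid  4321] <... write resumed>) = 2
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4321} ---
close(3) = 0
exit_group(0) = ?
+++ exited with 0 +++
"""

# Optional "[pid N]" / bare pid / -t timestamp prefix, then "name(".
SYSCALL_RE = re.compile(
    r"^(?:\[pid\s+\d+\]\s+)?(?:\d+\s+)?(?:\d+:\d+:\d+(?:\.\d+)?\s+)?"
    r"([a-z_][a-z0-9_]*)\(",
    re.MULTILINE,
)

# Assumption: allowed even if absent from the trace, so the process can
# return from signal handlers and exit cleanly.
BASELINE = ("exit", "exit_group", "restart_syscall", "rt_sigreturn")


def syscalls_from_strace(text):
    """Count syscall entries; skips signals, exit status, '<... resumed>'."""
    return Counter(m.group(1) for m in SYSCALL_RE.finditer(text))


def render_policy(counts):
    """Emit 'name: 1' lines, most frequent first."""
    merged = Counter(counts)
    for name in BASELINE:
        merged.setdefault(name, 0)
    ordered = sorted(merged, key=lambda n: (-merged[n], n))
    return "".join(f"{name}: 1\n" for name in ordered)


if __name__ == "__main__":
    print(render_policy(syscalls_from_strace(SAMPLE_STRACE)), end="")
```

A trace only records the code paths that actually ran, so each use (the FW query and the FW update) needs its own trace and policy, and a syscall missing from the policy terminates the jailed process.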