executor: add seccomp support for Android

This adds support for the seccomp filters that are part of Android into
the sandbox.  A process running as untrusted_app in Android has a
restricted set of syscalls that it is allow to run.  This is
accomplished by setting seccomp filters in the zygote process prior to
forking into the application process.  The seccomp filter list comes
directly from the Android source, it cannot be dynamically loaded from
an Android phone because libseccomp_policy.so does not exist as a
library on the system partition.

0 files changed, 0 insertions, 0 deletions