A seccomp profile for the entire container has been added.

[waydroid.git] / tools / helpers / lxc.py

diff --git a/tools/helpers/lxc.py b/tools/helpers/lxc.py
index 788f4d60b77f580d788eb9dd44687ca5f9f1eb9f..a13f838e1b779c97740d1b9682b90ccec14f8938 100644 (file)
--- a/tools/helpers/lxc.py
+++ b/tools/helpers/lxc.py
@@ -7,6 +7,7 @@ import logging
 import glob
 import shutil
 import platform
+import gbinder
 import tools.config
 import tools.helpers.run
 
@@ -136,6 +137,7 @@ def set_lxc_config(args):
     elif lxc_ver <= 2:
         config_file = "config_1"
     config_path = tools.config.tools_src + "/data/configs/" + config_file
+    seccomp_profile = tools.config.tools_src + "/data/configs/waydroid.seccomp"
 
     command = ["mkdir", "-p", lxc_path]
     tools.helpers.run.user(args, command)
@@ -143,6 +145,8 @@ def set_lxc_config(args):
     tools.helpers.run.user(args, command)
     command = ["sed", "-i", "s/LXCARCH/{}/".format(platform.machine()), lxc_path + "/config"]
     tools.helpers.run.user(args, command)
+    command = ["cp", "-fpr", seccomp_profile, lxc_path + "/waydroid.seccomp"]
+    tools.helpers.run.user(args, command)
 
     nodes = generate_nodes_lxc_config(args)
     config_nodes_tmp_path = args.work + "/config_nodes"
@@ -171,16 +175,30 @@ def make_base_props(args):
                         return prop
         return ""
 
+    def find_hidl(intf):
+        if args.vendor_type == "MAINLINE":
+            return False
+
+        try:
+            sm = gbinder.ServiceManager("/dev/hwbinder")
+            return intf in sm.list_sync()
+        except:
+            return False
+
     props = []
 
     if not os.path.exists("/dev/ashmem"):
         props.append("sys.use_memfd=true")
 
     egl = tools.helpers.props.host_get(args, "ro.hardware.egl")
+    dri = tools.helpers.gpu.getDriNode(args)
 
     gralloc = find_hal("gralloc")
-    if gralloc == "":
-        if tools.helpers.gpu.getDriNode(args):
+    if not gralloc:
+        if find_hidl("android.hardware.graphics.allocator@4.0::IAllocator/default"):
+            gralloc = "android"
+    if not gralloc:
+        if dri:
             gralloc = "gbm"
             egl = "mesa"
         else:
@@ -209,7 +227,9 @@ def make_base_props(args):
         props.append("ro.vendor.extension_library=" + ext_library)
 
     vulkan = find_hal("vulkan")
-    if vulkan != "":
+    if not vulkan and dri:
+        vulkan = tools.helpers.gpu.getVulkanDriver(args, os.path.basename(dri))
+    if vulkan:
         props.append("ro.hardware.vulkan=" + vulkan)
 
     treble = tools.helpers.props.host_get(args, "ro.treble.enabled")
@@ -226,8 +246,12 @@ def make_base_props(args):
         opengles = "196608"
     props.append("ro.opengles.version=" + opengles)
 
-    props.append("waydroid.system_ota=" + args.system_ota)
-    props.append("waydroid.vendor_ota=" + args.vendor_ota)
+    if args.images_path != tools.config.defaults["preinstalled_images_path"]:
+        props.append("waydroid.system_ota=" + args.system_ota)
+        props.append("waydroid.vendor_ota=" + args.vendor_ota)
+    else:
+        props.append("waydroid.updater.disabled=true")
+
     props.append("waydroid.tools_version=" + tools.config.version)
 
     if args.vendor_type == "MAINLINE":