minijail: Check for repeat syscall definitions
Add an option that allows for checking for duplicate syscall
definitions.
Add as a compile-time option and filter_option. If this option is on:
Maintain a data structure throughout seccomp policy syscall filter
parsing that keeps track of syscalls that have already been encountered
and where they were defined. Use this structure to tell when there are
duplicate syscall policy definitions and warn the user.
Write a unit test that checks that compile_file will return -1 if there
is a repeat syscall policy definition. Also change existing tests to
reflect this behavior.
Bug: None
TEST=built and ran unit tests
Change-Id: I3f5da9f926006dc7498d4a6510dda5aa5aedd1a3
diff --git a/Android.bp b/Android.bp
index 482f6c7..68797a9 100644
--- a/Android.bp
+++ b/Android.bp
@@ -35,6 +35,7 @@
cflags: [
"-D_FILE_OFFSET_BITS=64",
"-DALLOW_DEBUG_LOGGING",
+ "-DALLOW_DUPLICATE_SYSCALLS",
"-DDEFAULT_PIVOT_ROOT=\"/var/empty\"",
"-Wall",
"-Werror",
