authorMike Frysinger <vapier@chromium.org>2023-09-28 08:37:23 -0400
committerMike Frysinger <vapier@chromium.org>2023-09-28 18:59:47 +0000
commitc3a42478a9da2ac588f1d8f70b57f1d885483a1c (patch)
tree232140f5af3b2664a195ac7336ff7c42364fd0e4
parentb6c2d68d8899f0da4d6c326c1ea008845b0a0c34 (diff)
constants: include linux/random.h for GRND_RANDOM
BUG=None TEST=CQ passes Change-Id: Idb9b54c20192f629749beedcd70e98f1b690a4b1 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/minijail/+/4898983 Auto-Submit: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Allen Webb <allenwebb@google.com>
-rw-r--r--gen_constants-inl.h1
-rwxr-xr-xtools/seccomp_policy_lint.py5
2 files changed, 2 insertions, 4 deletions
diff --git a/gen_constants-inl.h b/gen_constants-inl.h
index f5fdd29..6485445 100644
--- a/gen_constants-inl.h
+++ b/gen_constants-inl.h
@@ -14,6 +14,7 @@
#include <linux/mman.h>
#include <linux/net.h>
#include <linux/prctl.h>
+#include <linux/random.h>
#include <linux/sched.h>
#include <linux/serial.h>
#include <linux/sockios.h>
diff --git a/tools/seccomp_policy_lint.py b/tools/seccomp_policy_lint.py
index 3782371..d391533 100755
--- a/tools/seccomp_policy_lint.py
+++ b/tools/seccomp_policy_lint.py
@@ -37,10 +37,7 @@ DANGEROUS_SYSCALLS = (
# If a dangerous syscall uses these rules, then it's considered safe.
SYSCALL_SAFE_RULES = {
- "getrandom": (
- # Disallow GRND_RANDOM by default.
- "arg2 in 0xfffffffd",
- ),
+ "getrandom": ("arg2 in ~GRND_RANDOM",),
"mmap": (
"arg2 == PROT_READ || arg2 == PROT_NONE",
"arg2 in ~PROT_EXEC",
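Review bot: The new `"getrandom": ("arg2 in ~GRND_RANDOM",)` entry lists only the symbolic spelling, so if the linter matches these rules as literal strings (the matching code is outside this hunk), existing policies that still carry the numeric mask `arg2 in 0xfffffffd` would no longer be recognised as safe. Consider accepting both forms during the transition, `"getrandom": ("arg2 in ~GRND_RANDOM", "arg2 in 0xfffffffd"),`, or migrating the affected policies in the same change. The removed comment also carried the intent of the rule; a one-line `# Disallow GRND_RANDOM by default.` above the entry would keep that reasoning next to the mask. The `SYSCALL_SAFE_RULES` dict continues past the end of the hunk.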