[GitHub/LineageOS/android_device_motorola_exynos9610-common.git] / configs / seccomp / configstore@1.1.policy

# Copyright (C) 2017 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

futex: 1
# ioctl: arg1 == BINDER_WRITE_READ
ioctl: arg1 == 0xc0306201
# prctl: arg0 == PR_SET_NAME || arg0 == PR_SET_VMA || arg0 == PR_SET_TIMERSLACK
# || arg0 == PR_GET_NO_NEW_PRIVS # used by crash_dump
# prctl: arg0 == 15 || arg0 == 0x53564d41 || arg0 == 29 || arg0 == 39
# TODO(b/68162846) reduce scope of prctl() based on arguments
prctl: 1
openat: 1
mmap: 1
mprotect: 1
close: 1
getuid: 1
read: 1
faccessat: 1
write: 1
fstat: 1
clone: 1
sched_setscheduler: 1
munmap: 1
lseek: 1
sigaltstack: 1
writev: 1
setpriority: 1
restart_syscall: 1
exit: 1
exit_group: 1
rt_sigreturn: 1
getrlimit: 1
madvise: 1
getdents64: 1
clock_gettime: 1
getpid: 1
gettid: 1

# used during process crash by crash_dump to dump process info
rt_sigprocmask: 1
rt_sigaction: 1
# socket: arg0 == AF_LOCAL
socket: arg0 == 1
connect: 1
recvmsg: 1
rt_tgsigqueueinfo: 1
Commit	Line	Data
c15915df JA	1	# Copyright (C) 2017 The Android Open Source Project
	2	#
	3	# Licensed under the Apache License, Version 2.0 (the "License");
	4	# you may not use this file except in compliance with the License.
	5	# You may obtain a copy of the License at
	6	#
	7	# http://www.apache.org/licenses/LICENSE-2.0
	8	#
	9	# Unless required by applicable law or agreed to in writing, software
	10	# distributed under the License is distributed on an "AS IS" BASIS,
	11	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	12	# See the License for the specific language governing permissions and
	13	# limitations under the License.
	14
	15	futex: 1
	16	# ioctl: arg1 == BINDER_WRITE_READ
	17	ioctl: arg1 == 0xc0306201
	18	# prctl: arg0 == PR_SET_NAME \|\| arg0 == PR_SET_VMA \|\| arg0 == PR_SET_TIMERSLACK
	19	# \|\| arg0 == PR_GET_NO_NEW_PRIVS # used by crash_dump
	20	# prctl: arg0 == 15 \|\| arg0 == 0x53564d41 \|\| arg0 == 29 \|\| arg0 == 39
	21	# TODO(b/68162846) reduce scope of prctl() based on arguments
	22	prctl: 1
	23	openat: 1
	24	mmap: 1
	25	mprotect: 1
	26	close: 1
	27	getuid: 1
	28	read: 1
	29	faccessat: 1
	30	write: 1
	31	fstat: 1
	32	clone: 1
	33	sched_setscheduler: 1
	34	munmap: 1
	35	lseek: 1
	36	sigaltstack: 1
	37	writev: 1
	38	setpriority: 1
	39	restart_syscall: 1
	40	exit: 1
	41	exit_group: 1
	42	rt_sigreturn: 1
	43	getrlimit: 1
	44	madvise: 1
	45	getdents64: 1
	46	clock_gettime: 1
	47	getpid: 1
edd584d8	48	gettid: 1
c15915df JA	49
	50	# used during process crash by crash_dump to dump process info
	51	rt_sigprocmask: 1
	52	rt_sigaction: 1
	53	# socket: arg0 == AF_LOCAL
	54	socket: arg0 == 1
	55	connect: 1
	56	recvmsg: 1
	57	rt_tgsigqueueinfo: 1