configs/seccomp/configstore@1.1.policy

   1 # Copyright (C) 2017 The Android Open Source Project
   2 #
   3 # Licensed under the Apache License, Version 2.0 (the "License");
   4 # you may not use this file except in compliance with the License.
   5 # You may obtain a copy of the License at
   6 #
   7 #      http://www.apache.org/licenses/LICENSE-2.0
   8 #
   9 # Unless required by applicable law or agreed to in writing, software
  10 # distributed under the License is distributed on an "AS IS" BASIS,
  11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12 # See the License for the specific language governing permissions and
  13 # limitations under the License.
  14
  15 futex: 1
  16 # ioctl: arg1 == BINDER_WRITE_READ
  17 ioctl: arg1 == 0xc0306201
  18 # prctl: arg0 == PR_SET_NAME || arg0 == PR_SET_VMA || arg0 == PR_SET_TIMERSLACK
  19 # || arg0 == PR_GET_NO_NEW_PRIVS # used by crash_dump
  20 # prctl: arg0 == 15 || arg0 == 0x53564d41 || arg0 == 29 || arg0 == 39
  21 # TODO(b/68162846) reduce scope of prctl() based on arguments
  22 prctl: 1
  23 openat: 1
  24 mmap: 1
  25 mprotect: 1
  26 close: 1
  27 getuid: 1
  28 read: 1
  29 faccessat: 1
  30 write: 1
  31 fstat: 1
  32 clone: 1
  33 sched_setscheduler: 1
  34 munmap: 1
  35 lseek: 1
  36 sigaltstack: 1
  37 writev: 1
  38 setpriority: 1
  39 restart_syscall: 1
  40 exit: 1
  41 exit_group: 1
  42 rt_sigreturn: 1
  43 getrlimit: 1
  44 madvise: 1
  45 getdents64: 1
  46 clock_gettime: 1
  47 getpid: 1
  48
  49 # used during process crash by crash_dump to dump process info
  50 rt_sigprocmask: 1
  51 rt_sigaction: 1
  52 # socket: arg0 == AF_LOCAL
  53 socket: arg0 == 1
  54 connect: 1
  55 recvmsg: 1
  56 rt_tgsigqueueinfo: 1