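# Copyright (C) 2018 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Minijail seccomp policy (32-bit ARM syscall names). Each "name: expr" line
# allows that syscall when expr holds; "1" allows it with any arguments.
# The effective allowlist is this file plus the policy pulled in by the
# @include at the bottom.
#
# NOTE(review): ioctl, prctl, clone, mmap2, mprotect and openat are allowed
# unconditionally. If the sandboxed service's real usage is known, argument
# filters would narrow the surface (for example constraining the prot
# argument, arg2, of mmap2/mprotect if executable mappings are never
# needed). Confirm against the service before tightening.

# Organized by frequency of systemcall - in descending order for
# best performance.
futex: 1
ioctl: 1
write: 1
prctl: 1
clock_gettime: 1
getpriority: 1
read: 1
close: 1
writev: 1
dup: 1
ppoll: 1
mmap2: 1
getrandom: 1

# mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED).
# arg3 is the flags argument and 3 == MREMAP_MAYMOVE (1) | MREMAP_FIXED (2);
# the comparison is exact, so any other flag combination is not allowed.
# TODO: Once minijail parser support for '<' is in this needs to be modified
# to also prevent |old_address| and |new_address| from touching the exception
# vector page, which on ARM is statically loaded at 0xffff0000. See
# http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html
# for more details.
mremap: arg3 == 3
munmap: 1
mprotect: 1
madvise: 1
openat: 1
sigaltstack: 1
clone: 1
setpriority: 1
getuid32: 1
fstat64: 1
fstatfs64: 1
pread64: 1
faccessat: 1
readlinkat: 1
exit: 1
rt_sigprocmask: 1
set_tid_address: 1
restart_syscall: 1
exit_group: 1
rt_sigreturn: 1
pipe2: 1
gettimeofday: 1
sched_yield: 1
nanosleep: 1
lseek: 1
_llseek: 1
sched_get_priority_max: 1
sched_get_priority_min: 1
statfs64: 1
sched_setscheduler: 1
fstatat64: 1
ugetrlimit: 1
getdents64: 1
# getrandom is already allowed in the high-frequency group above; the second,
# identical entry that used to sit here was redundant and has been dropped
# (a redefined syscall is at best a parser warning - TODO confirm how the
# minijail build in use treats duplicates).

# Rules from the included policy are merged into this allowlist, so a review
# of what this sandbox permits has to cover that file as well.
@include /system/etc/seccomp_policy/crash_dump.arm.policy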