1# Copyright (c) 2022 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14@arch 15arm64 16 17@returnValue 18KILL_PROCESS 19 20@headFiles 21"time.h" 22"sys/ioctl.h" 23"linux/futex.h" 24"sys/resource.h" 25"sys/prctl.h" 26"sys/mman.h" 27"sched.h" 28"fcntl.h" 29"sys/random.h" 30"sys/types.h" 31"sys/socket.h" 32 33@priority 34futex 35 36@allowList 37fdatasync 38fsync 39ftruncate 40getrlimit 41setrlimit 42mremap 43pwrite64 44sched_get_priority_max 45sched_get_priority_min 46getpriority 47setpriority 48sysinfo 49times 50uname 51get_robust_list 52set_robust_list 53sched_getaffinity 54sigaltstack 55brk 56mlock 57munlock 58munmap 59mmap 60sched_yield 61nanosleep 62epoll_pwait 63epoll_create1 64epoll_ctl 65lseek 66eventfd2 67fstat 68ppoll 69pselect6 70read 71readv 72pread64 73recvfrom 74recvmsg 75sendmsg 76sendto 77write 78writev 79pipe2 80gettimeofday 81exit 82exit_group 83wait4 84waitid 85rt_sigaction 86rt_sigprocmask 87rt_sigreturn 88rt_sigtimedwait 89capget 90getegid 91geteuid 92getgid 93getgroups 94getpid 95getppid 96getresgid 97getsid 98gettid 99getuid 100getresuid 101restart_syscall 102close 103dup 104dup3 105shutdown 106mincore 107memfd_create 108faccessat 109prctl 110fcntl 111clone 112setsockopt 113 114setgroups 115setresgid 116setresuid 117capset 118openat 119socket 120connect 121readlinkat 122newfstatat 123unlinkat 124ioctl 125mprotect 126mkdirat 127set_tid_address 128getdents64 129madvise 130getrandom 131statx 132prlimit64 133sched_setscheduler 134setitimer 135execve 136sched_getscheduler 137fstatfs 138setsid 139rt_tgsigqueueinfo 140ptrace 141membarrier 142 143@allowListWithArgs 144getrusage:if arg0 == RUSAGE_SELF || arg0 == RUSAGE_THREAD; return ALLOW; else return KILL_PROCESS; 145clock_getres:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return KILL_PROCESS; 146clock_gettime:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return KILL_PROCESS; 147clock_nanosleep:if arg0 >= CLOCK_REALTIME && arg0 <= CLOCK_BOOTTIME; return ALLOW; else return KILL_PROCESS; 148socketpair:if arg0 == AF_UNIX; return ALLOW; else return KILL_PROCESS; 149getsockopt:if arg1 == SOL_SOCKET || arg2 == SO_PEEK_OFF; return ALLOW; else return KILL_PROCESS; 150