1# Organized by frequency of systemcall - in descending order for 2# best performance. 3futex: 1 4ioctl: 1 5write: 1 6prctl: 1 7clock_gettime: 1 8getpriority: 1 9read: 1 10close: 1 11writev: 1 12dup: 1 13ppoll: 1 14mmap2: 1 15getrandom: 1 16memfd_create: 1 17ftruncate: 1 18ftruncate64: 1 19 20# mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail 21# parser support for '<' is in this needs to be modified to also prevent 22# |old_address| and |new_address| from touching the exception vector page, which 23# on ARM is statically loaded at 0xffff 0000. See 24# http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html 25# for more details. 26mremap: arg3 == 3 || arg3 == MREMAP_MAYMOVE 27munmap: 1 28mprotect: 1 29madvise: 1 30openat: 1 31sigaltstack: 1 32clone: 1 33setpriority: 1 34getuid32: 1 35fstat64: 1 36fstatfs64: 1 37pread64: 1 38faccessat: 1 39readlinkat: 1 40exit: 1 41rt_sigprocmask: 1 42set_tid_address: 1 43restart_syscall: 1 44exit_group: 1 45rt_sigreturn: 1 46pipe2: 1 47gettimeofday: 1 48sched_yield: 1 49nanosleep: 1 50lseek: 1 51_llseek: 1 52sched_get_priority_max: 1 53sched_get_priority_min: 1 54statfs64: 1 55sched_setscheduler: 1 56fstatat64: 1 57ugetrlimit: 1 58getdents64: 1 59getrandom: 1 60 61@include /system/etc/seccomp_policy/crash_dump.arm.policy 62 63@include /system/etc/seccomp_policy/code_coverage.arm.policy 64