1# Organized by frequency of systemcall - in descending order for 2# best performance. 3ioctl: 1 4futex: 1 5prctl: 1 6write: 1 7getpriority: 1 8mmap2: 1 9close: 1 10munmap: 1 11dup: 1 12mprotect: 1 13getuid32: 1 14setpriority: 1 15sigaltstack: 1 16openat: 1 17open: 1 18clone: 1 19read: 1 20clock_gettime: 1 21lseek: 1 22writev: 1 23fstatat64: 1 24fstatfs64: 1 25fstat64: 1 26restart_syscall: 1 27exit: 1 28exit_group: 1 29rt_sigreturn: 1 30faccessat: 1 31madvise: 1 32brk: 1 33sched_setscheduler: 1 34gettid: 1 35rt_sigprocmask: 1 36sched_yield: 1 37ugetrlimit: 1 38geteuid32: 1 39getgid32: 1 40getegid32: 1 41getgroups32: 1 42nanosleep: 1 43getrandom: 1 44timer_create: 1 45timer_settime: 1 46timer_delete: 1 47 48# for dynamically loading extractors 49pread64: 1 50 51# mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail 52# parser support for '<' is in this needs to be modified to also prevent 53# |old_address| and |new_address| from touching the exception vector page, which 54# on ARM is statically loaded at 0xffff 0000. See 55# http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html 56# for more details. 57mremap: arg3 == 3 || arg3 == MREMAP_MAYMOVE 58 59# for FileSource 60readlinkat: 1 61_llseek: 1 62 63@include /apex/com.android.media/etc/seccomp_policy/crash_dump.arm.policy 64@include /apex/com.android.media/etc/seccomp_policy/code_coverage.arm.policy 65