// Seccomp allowlist in minijail policy syntax. The #if/#define lines show
// that it is meant to be run through the C preprocessor before use.
// Each rule is "syscall: filter"; a filter of 1 allows the call with any
// arguments. Syscalls that do not appear below are not allowed by this policy.

// SECCOMP_MODE_STRICT
// The four calls that kernel strict mode would permit.
read: 1
write: 1
exit: 1
rt_sigreturn: 1
#ifndef __LP64__
// sigreturn is only listed for non-LP64 (32-bit) builds.
sigreturn: 1
#endif

// Process exit, clocks, synchronisation, randomness and identity queries.
exit_group: 1
clock_gettime: 1
gettimeofday: 1
futex: 1
getrandom: 1
getpid: 1
gettid: 1

// File descriptor handling and I/O.
// NOTE(review): openat is allowed with any arguments. A seccomp filter sees
// only the pointer value of the path, not the string it points to, so which
// files can be opened has to be limited by other controls (file permissions,
// SELinux, namespaces) - confirm these are in place for the sandboxed process.
ppoll: 1
pipe2: 1
openat: 1
dup: 1
close: 1
lseek: 1
getdents64: 1
faccessat: 1
recvmsg: 1
recvfrom: 1

// Reads the memory of another process. The write counterpart
// (process_vm_writev) is not on this list, so it stays blocked.
// NOTE(review): seccomp does not restrict which pid is read; that is left to
// the kernel ptrace access check.
process_vm_readv: 1

// Signal delivery and signal mask management.
tgkill: 1
rt_sigprocmask: 1
rt_sigaction: 1
rt_tgsigqueueinfo: 1

// prctl is filtered on its first argument (the option). Only the options
// named in the rule pass; every other prctl option fails the filter.
// PR_SET_VMA is spelled out by value here; presumably the headers used when
// preprocessing this file do not always provide it - TODO confirm.
#define PR_SET_VMA 0x53564d41
#ifdef __aarch64__
// PR_PAC_RESET_KEYS happens on aarch64 in pthread_create path.
prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == PR_SET_VMA || arg0 == PR_PAC_RESET_KEYS
#else
prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == PR_SET_VMA
#endif

// The #if 0 branch below is never emitted; it serves as a block comment.
#if 0
libminijail on vendor partitions older than P does not have constants from <sys/mman.h>.
Define the values of PROT_READ and PROT_WRITE ourselves to maintain backwards compatibility.
#else
#define PROT_READ 0x1
#define PROT_WRITE 0x2
#endif

// Memory management. For mprotect and mmap/mmap2, arg2 is the protection
// argument. The "in" operator requires its bits to be a subset of
// PROT_READ|PROT_WRITE (0x1|0x2), so a request that carries PROT_EXEC or any
// other bit is rejected. Through these calls the sandboxed process can
// neither map new executable memory nor make existing pages executable.
madvise: 1
mprotect: arg2 in PROT_READ|PROT_WRITE
munmap: 1

// LP64 builds use the plain syscall names; other builds use the 32-bit
// variants (getuid32, fstat64, mmap2) with the same filters.
#ifdef __LP64__
getuid: 1
fstat: 1
mmap: arg2 in PROT_READ|PROT_WRITE
#else
getuid32: 1
fstat64: 1
mmap2: arg2 in PROT_READ|PROT_WRITE
#endif

// Needed for logging.
// Credential queries only; no call that changes credentials is listed here.
#ifdef __LP64__
geteuid: 1
getgid: 1
getegid: 1
getgroups: 1
#else
geteuid32: 1
getgid32: 1
getegid32: 1
getgroups32: 1
#endif