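# Seccomp allow-list in minijail policy syntax (the profiler note below refers
# to minijail's builtin allow-listing). Each "name: 1" entry allows that
# syscall unconditionally, with no argument filtering; any syscall not listed
# here or in the @include'd files is not allowed by this file.
#
# Organized by frequency of system call - in descending order for
# best performance.
#
# NOTE(review): ioctl, prctl, clone, mmap and mprotect are allowed with any
# arguments. Minijail supports per-argument filters (for example
# "arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE" on mmap/mprotect, or a fixed set
# of ioctl request values). Narrowing these would reduce the kernel attack
# surface reachable from this service, but the required argument sets are not
# visible in this file - confirm against the service (including the extractor
# loading and sanitizer builds below) before tightening.
ioctl: 1
futex: 1
prctl: 1
write: 1
getpriority: 1
close: 1
dup: 1
mmap: 1
munmap: 1
openat: 1
mprotect: 1
madvise: 1
getuid: 1
fstat: 1
fstatfs: 1
read: 1
setpriority: 1
sigaltstack: 1
clone: 1
sched_setscheduler: 1
lseek: 1
newfstatat: 1
faccessat: 1
restart_syscall: 1
exit: 1
exit_group: 1
rt_sigreturn: 1
getrlimit: 1
nanosleep: 1
getrandom: 1
timer_create: 1
timer_settime: 1
timer_delete: 1

# for FileSource
readlinkat: 1

# for dynamically loading extractors
# (readlinkat is also needed here; it is already allowed under FileSource
# above, so it is not repeated - a second entry would not change the filter.)
getdents64: 1
pread64: 1
mremap: 1

# Required by Sanitizers
sched_yield: 1

# Android profiler (heapprofd, traced_perf) additions, where not already
# covered by the rest of the file, or by builtin minijail allow-listing of
# logging-related syscalls.
# TODO(b/197184220): this is a targeted addition for a specific investigation,
# and addresses just the arm64 framework av service policies. In the future, we
# should make this more general (e.g. a central file that can be @included in
# other policy files).
# NOTE(review): setsockopt and sendmsg are allowed for any socket and any
# option/message; they stay allowed in every build that ships this file, not
# only while profiling. Revisit when the TODO above is resolved.
setsockopt: 1
sendmsg: 1
set_tid_address: 1

# The effective allow-list is the union of this file and the included
# policies, so changes to either included file widen or narrow this filter too.
@include /apex/com.android.media/etc/seccomp_policy/crash_dump.arm64.policy
@include /apex/com.android.media/etc/seccomp_policy/code_coverage.arm64.policy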