1# Copyright (C) 2019 The Android Open Source Project 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14 15futex: 1 16# ioctl calls are filtered via the selinux policy. 17ioctl: 1 18sched_yield: 1 19close: 1 20dup: 1 21ppoll: 1 22mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE 23mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE 24getuid: 1 25getrlimit: 1 26fstat: 1 27newfstatat: 1 28fstatfs: 1 29memfd_create: 1 30ftruncate: 1 31 32mremap: arg3 == 3 || arg3 == MREMAP_MAYMOVE 33munmap: 1 34prctl: 1 35writev: 1 36sigaltstack: 1 37clone: 1 38exit: 1 39lseek: 1 40rt_sigprocmask: 1 41openat: 1 42write: 1 43nanosleep: 1 44setpriority: 1 45set_tid_address: 1 46getdents64: 1 47readlinkat: 1 48read: 1 49pread64: 1 50gettimeofday: 1 51faccessat: 1 52exit_group: 1 53restart_syscall: 1 54rt_sigreturn: 1 55getrandom: 1 56madvise: 1 57 58# crash dump policy additions 59clock_gettime: 1 60getpid: 1 61gettid: 1 62pipe2: 1 63recvmsg: 1 64process_vm_readv: 1 65tgkill: 1 66rt_sigaction: 1 67rt_tgsigqueueinfo: 1 68#mprotect: arg2 in 0x1|0x2 69munmap: 1 70#mmap: arg2 in 0x1|0x2 71geteuid: 1 72getgid: 1 73getegid: 1 74getgroups: 1 75 76