| Ray Essick | 4457486 | 2020-02-13 12:39:14 -0800 | [diff] [blame^] | 1 | # Organized by frequency of systemcall - in descending order for |
| 2 | # best performance. |
| 3 | futex: 1 |
| 4 | ioctl: 1 |
| 5 | write: 1 |
| 6 | prctl: 1 |
| 7 | clock_gettime: 1 |
| 8 | getpriority: 1 |
| 9 | read: 1 |
| 10 | close: 1 |
| 11 | writev: 1 |
| 12 | dup: 1 |
| 13 | ppoll: 1 |
| 14 | mmap2: 1 |
| 15 | getrandom: 1 |
| 16 | memfd_create: 1 |
| 17 | ftruncate: 1 |
| 18 | ftruncate64: 1 |
| 19 | |
| 20 | # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail |
| 21 | # parser support for '<' is in this needs to be modified to also prevent |
| 22 | # |old_address| and |new_address| from touching the exception vector page, which |
| 23 | # on ARM is statically loaded at 0xffff 0000. See |
| 24 | # http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html |
| 25 | # for more details. |
| 26 | mremap: arg3 == 3 |
| 27 | munmap: 1 |
| 28 | mprotect: 1 |
| 29 | madvise: 1 |
| 30 | openat: 1 |
| 31 | sigaltstack: 1 |
| 32 | clone: 1 |
| 33 | setpriority: 1 |
| 34 | getuid32: 1 |
| 35 | fstat64: 1 |
| 36 | fstatfs64: 1 |
| 37 | pread64: 1 |
| 38 | faccessat: 1 |
| 39 | readlinkat: 1 |
| 40 | exit: 1 |
| 41 | rt_sigprocmask: 1 |
| 42 | set_tid_address: 1 |
| 43 | restart_syscall: 1 |
| 44 | exit_group: 1 |
| 45 | rt_sigreturn: 1 |
| 46 | pipe2: 1 |
| 47 | gettimeofday: 1 |
| 48 | sched_yield: 1 |
| 49 | nanosleep: 1 |
| 50 | lseek: 1 |
| 51 | _llseek: 1 |
| 52 | sched_get_priority_max: 1 |
| 53 | sched_get_priority_min: 1 |
| 54 | statfs64: 1 |
| 55 | sched_setscheduler: 1 |
| 56 | fstatat64: 1 |
| 57 | ugetrlimit: 1 |
| 58 | getdents64: 1 |
| 59 | getrandom: 1 |
| 60 | |
| 61 | @include /system/etc/seccomp_policy/crash_dump.arm.policy |
| 62 | |
| 63 | @include /system/etc/seccomp_policy/code_coverage.arm.policy |