diff options
Diffstat (limited to 'libc/SECCOMP_ALLOWLIST_APP.TXT')
| -rw-r--r-- | libc/SECCOMP_ALLOWLIST_APP.TXT | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/libc/SECCOMP_ALLOWLIST_APP.TXT b/libc/SECCOMP_ALLOWLIST_APP.TXT new file mode 100644 index 000000000..ba40b607e --- /dev/null +++ b/libc/SECCOMP_ALLOWLIST_APP.TXT @@ -0,0 +1,58 @@ +# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT. +# Note that the resultant policy is applied only to zygote spawned processes. +# +# This file is processed by a python script named genseccomp.py. + +# Needed for debugging 32-bit Chrome +int pipe:pipe(int pipefd[2]) lp32 + +# b/34651972 +int access:access(const char *pathname, int mode) lp32 +int stat64:stat64(const char*, struct stat64*) lp32 + +# b/34813887 +int open:open(const char *path, int oflag, ... ) lp32,x86_64 +int getdents:getdents(unsigned int fd, struct linux_dirent *dirp, unsigned int count) lp32,x86_64 + +# b/34719286 +int eventfd:eventfd(unsigned int initval, int flags) lp32 + +# b/34817266 +int epoll_wait:epoll_wait(int epfd, struct epoll_event *events, int maxevents, int timeout) lp32 + +# b/34908783 +int epoll_create:epoll_create(int size) lp32 + +# b/34979910 +int creat:creat(const char *pathname, mode_t mode) lp32 +int unlink:unlink(const char *pathname) lp32 + +# b/35059702 +int lstat64:lstat64(const char*, struct stat64*) lp32 + +# b/35217603 +int fcntl:fcntl(int fd, int cmd, ... /* arg */ ) lp32 +pid_t fork:fork() lp32 +int poll:poll(struct pollfd *fds, nfds_t nfds, int timeout) lp32 + +# b/35906875 +int inotify_init() lp32 +uid_t getuid() lp32 + +# b/36435222 +int remap_file_pages(void *addr, size_t size, int prot, size_t pgoff, int flags) lp32 + +# b/36449658 +int rename(const char *oldpath, const char *newpath) lp32 + +# b/36726183. Note arm does not support mmap +void* mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset) x86 + +# b/37769298 +int dup2(int oldfd, int newfd) lp32 + +# b/62779795 +int compat_select:_newselect(int n, unsigned long* inp, unsigned long* outp, unsigned long* exp, struct timeval* timeout) lp32 + +# b/62090571 +int mkdir(const char *pathname, mode_t mode) lp32 |