// Seccomp syscall allowlist in minijail policy syntax. The file is run through
// the C preprocessor so that 32-bit and 64-bit builds pick the right syscall
// names. Each rule is "syscall: expression"; an expression of 1 allows the call
// with any arguments. Syscalls not listed here are not allowed by this policy;
// the action taken for them depends on how the filter is installed (not shown
// in this file).

// SECCOMP_MODE_STRICT
// Same baseline that kernel strict mode permits: read, write, exit and
// signal return.
read: 1
write: 1
exit: 1
rt_sigreturn: 1
#if !defined(__LP64__)
sigreturn: 1
#endif

// Process exit, time, locking, randomness and thread identity.
exit_group: 1
clock_gettime: 1
gettimeofday: 1
futex: 1
getrandom: 1
getpid: 1
gettid: 1

// File descriptor and file access. The filter puts no constraint on the
// arguments of these calls (seccomp cannot inspect the path string behind a
// pointer), so which files can be opened is decided by other access controls,
// not by this policy.
ppoll: 1
pipe2: 1
openat: 1
dup: 1
close: 1
lseek: 1
getdents64: 1
faccessat: 1
recvmsg: 1

// Reads memory of another process. Allowed with any arguments, so the filter
// does not restrict the target pid; the kernel ptrace access check on this
// call is the remaining gate.
process_vm_readv: 1

// Signal delivery and signal mask/handler management. tgkill and
// rt_tgsigqueueinfo are not limited to a particular target by this filter.
tgkill: 1
rt_sigprocmask: 1
rt_sigaction: 1
rt_tgsigqueueinfo: 1

// Only these two prctl options are allowed; any other arg0 fails the rule.
// 0x53564d41 spells SVMA in ASCII and is defined here by hand.
// NOTE(review): PR_GET_NO_NEW_PRIVS is not defined in this file; presumably
// the policy compiler already knows that constant - confirm.
#define PR_SET_VMA 0x53564d41
prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == PR_SET_VMA

#if 0
libminijail on vendor partitions older than P does not have constants from <sys/mman.h>.
Define the values of PROT_READ and PROT_WRITE ourselves to maintain backwards compatibility.
#else
#define PROT_READ 0x1
#define PROT_WRITE 0x2
#endif

// Memory management. For mprotect, mmap and mmap2, arg2 is the protection
// argument. The "in" operator accepts a value only when every set bit lies
// inside the mask, so no-access, read-only and read-write requests pass while
// any request that includes PROT_EXEC is refused. The sandboxed process
// therefore cannot create executable mappings or make existing memory
// executable through these calls. Keep the mask free of PROT_EXEC when
// editing these rules.
madvise: 1
mprotect: arg2 in PROT_READ|PROT_WRITE
munmap: 1

// 64-bit builds use the plain syscall names; 32-bit builds use the
// 32/64-suffixed variants and mmap2. The mmap rule carries the same
// protection mask in both branches.
#if defined(__LP64__)
getuid: 1
fstat: 1
mmap: arg2 in PROT_READ|PROT_WRITE
#else
getuid32: 1
fstat64: 1
mmap2: arg2 in PROT_READ|PROT_WRITE
#endif

// Needed for logging.
// Credential queries only; none of these calls changes the process identity.
#if defined(__LP64__)
geteuid: 1
getgid: 1
getegid: 1
getgroups: 1
#else
geteuid32: 1
getgid32: 1
getegid32: 1
getgroups32: 1
#endif