| // SECCOMP_MODE_STRICT |
| read: 1 |
| write: 1 |
| exit: 1 |
| rt_sigreturn: 1 |
| #if !defined(__LP64__) |
| sigreturn: 1 |
| #endif |
| |
| exit_group: 1 |
| clock_gettime: 1 |
| gettimeofday: 1 |
| futex: 1 |
| getrandom: 1 |
| getpid: 1 |
| gettid: 1 |
| |
| ppoll: 1 |
| pipe2: 1 |
| openat: 1 |
| dup: 1 |
| close: 1 |
| lseek: 1 |
| getdents64: 1 |
| faccessat: 1 |
| recvmsg: 1 |
| recvfrom: 1 |
| sysinfo: 1 |
| setsockopt: 1 |
| |
| process_vm_readv: 1 |
| |
| tgkill: 1 |
| rt_sigprocmask: 1 |
| rt_sigaction: 1 |
| rt_tgsigqueueinfo: 1 |
| |
| // this is referenced from mainline modules running on Q devices, where not all |
| // of the constants used here are defined in headers, so minijail rejects them. |
| // we define them here to avoid those errors. |
| // constants introduced in R |
| #define PR_SET_VMA 0x53564d41 |
| #define PR_GET_TAGGED_ADDR_CTRL 56 |
| // constants introduced in S |
| #define PR_PAC_GET_ENABLED_KEYS 61 |
| |
| #if defined(__aarch64__) |
| // PR_PAC_RESET_KEYS happens on aarch64 in pthread_create path. |
| prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == PR_SET_VMA || arg0 == PR_PAC_RESET_KEYS || arg0 == PR_GET_TAGGED_ADDR_CTRL || arg0 == PR_PAC_GET_ENABLED_KEYS |
| #else |
| prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == PR_SET_VMA |
| #endif |
| |
| #if 0 |
| libminijail on vendor partitions older than P does not have constants from <sys/mman.h>. |
| Define the values of PROT_READ and PROT_WRITE ourselves to maintain backwards compatibility. |
| #else |
| #define PROT_READ 0x1 |
| #define PROT_WRITE 0x2 |
| #endif |
| |
| madvise: 1 |
| mprotect: arg2 in PROT_READ|PROT_WRITE |
| munmap: 1 |
| |
| #if defined(__LP64__) |
| getuid: 1 |
| fstat: 1 |
| mmap: arg2 in PROT_READ|PROT_WRITE |
| #else |
| getuid32: 1 |
| fstat64: 1 |
| mmap2: arg2 in PROT_READ|PROT_WRITE |
| #endif |
| |
| // Needed for logging. |
| #if defined(__LP64__) |
| geteuid: 1 |
| getgid: 1 |
| getegid: 1 |
| getgroups: 1 |
| #else |
| geteuid32: 1 |
| getgid32: 1 |
| getegid32: 1 |
| getgroups32: 1 |
| #endif |