| // SECCOMP_MODE_STRICT |
| // |
| // minijail allowances for code coverage |
| // this file is preprocessed by generate.sh, so preprocessor conditionals can be used: |
| // size specific: __LP64__ for 64 bit, else 32 bit |
| // arch specific: __arm__, __aarch64__, __i386__, __x86_64__ |
| |
| // includes *all* syscalls used during coverage dumping; |
| // none is omitted just because it might already be in another policy file. |
| |
| // coverage tool uses different operations on different passes |
| // 1st: uses write() to fill the file |
| // 2nd-Nth: uses mmap() to update in place |
| |
| // Allowed on every architecture and word size. `name: 1` allows the syscall |
| // unconditionally, with no argument filtering. |
| // NOTE(review): the file header says SECCOMP_MODE_STRICT, but a per-syscall |
| // allow-list like this is enforced as a seccomp filter; strict mode takes no |
| // syscall list. Confirm the header wording. |
| close: 1 |
| // fchmod is allowed so that libprofile-clang-extras, which wraps `open` calls, |
| // can set the correct permissions on coverage files. |
| fchmod: 1 |
| // NOTE(review): mkdirat and openat (below) are allowed for any path; a seccomp |
| // filter cannot inspect path strings, so where coverage files may be created |
| // has to be limited by file permissions or the filesystem setup of the jail. |
| mkdirat: 1 |
| msync: 1 |
| munmap: 1 |
| openat: 1 |
| // write fills the coverage file on the first pass. |
| write: 1 |
| |
| // Word-size specific names: the 64-bit branch uses the plain syscalls, the |
| // 32-bit branch lists the *64 / *32 / _llseek / mmap2 / sigreturn counterparts. |
| #if defined(__LP64__) |
| fcntl: 1 |
| fstat: 1 |
| ftruncate: 1 |
| geteuid: 1 |
| lseek: 1 |
| // mmap backs the in-place update done by the second and later coverage passes. |
| // NOTE(review): allowed with any protection bits, including PROT_EXEC. If the |
| // coverage runtime never maps executable memory, add a filter on the prot |
| // argument (arg2) so a mapping cannot be both writable and executable - |
| // TODO confirm against the runtime. |
| mmap: 1 |
| rt_sigreturn: 1 |
| #else |
| fcntl64: 1 |
| fstat64: 1 |
| ftruncate64: 1 |
| geteuid32: 1 |
| _llseek: 1 |
| // NOTE(review): same prot-argument consideration as mmap in the 64-bit branch. |
| mmap2: 1 |
| sigreturn: 1 |
| #endif |
| |
| // Architecture-specific additions. |
| #if defined(__arm__) |
| gettimeofday: 1 |
| #endif |
| |
| #if defined(__i386__) |
| madvise: 1 |
| #endif |
| |
| // prctl is allowed on both 32-bit and 64-bit ARM; the two branches below are |
| // identical and could be merged into one conditional covering both macros. |
| // NOTE(review): prctl is allowed with every option. If coverage dumping uses |
| // only one option, restrict the rule with an arg0 comparison, e.g. |
| // `prctl: arg0 == <PR_OPTION_USED_BY_COVERAGE>` (placeholder) - TODO confirm. |
| #if defined(__arm__) |
| prctl: 1 |
| #elif defined(__aarch64__) |
| prctl: 1 |
| #endif |
| |