diff options
Diffstat (limited to 'configstore/1.1/default/seccomp_policy/configstore@1.1-arm64.policy')
-rw-r--r-- | configstore/1.1/default/seccomp_policy/configstore@1.1-arm64.policy | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/configstore/1.1/default/seccomp_policy/configstore@1.1-arm64.policy b/configstore/1.1/default/seccomp_policy/configstore@1.1-arm64.policy new file mode 100644 index 00000000..f2dd8922 --- /dev/null +++ b/configstore/1.1/default/seccomp_policy/configstore@1.1-arm64.policy | |||
@@ -0,0 +1,54 @@ | |||
1 | # Copyright (C) 2017 The Android Open Source Project | ||
2 | # | ||
3 | # Licensed under the Apache License, Version 2.0 (the "License"); | ||
4 | # you may not use this file except in compliance with the License. | ||
5 | # You may obtain a copy of the License at | ||
6 | # | ||
7 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
8 | # | ||
9 | # Unless required by applicable law or agreed to in writing, software | ||
10 | # distributed under the License is distributed on an "AS IS" BASIS, | ||
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
12 | # See the License for the specific language governing permissions and | ||
13 | # limitations under the License. | ||
14 | |||
15 | futex: 1 | ||
16 | # ioctl: arg1 == BINDER_WRITE_READ | ||
17 | ioctl: arg1 == 0xc0306201 | ||
18 | # prctl: arg0 == PR_SET_NAME || arg0 == PR_SET_VMA || arg0 == PR_SET_TIMERSLACK | ||
19 | # || arg0 == PR_GET_NO_NEW_PRIVS # used by crash_dump | ||
20 | # prctl: arg0 == 15 || arg0 == 0x53564d41 || arg0 == 29 || arg0 == 39 | ||
21 | # TODO(b/68162846) reduce scope of prctl() based on arguments | ||
22 | prctl: 1 | ||
23 | openat: 1 | ||
24 | mmap: 1 | ||
25 | mprotect: 1 | ||
26 | close: 1 | ||
27 | getuid: 1 | ||
28 | read: 1 | ||
29 | faccessat: 1 | ||
30 | write: 1 | ||
31 | fstat: 1 | ||
32 | clone: 1 | ||
33 | sched_setscheduler: 1 | ||
34 | munmap: 1 | ||
35 | lseek: 1 | ||
36 | sigaltstack: 1 | ||
37 | writev: 1 | ||
38 | setpriority: 1 | ||
39 | restart_syscall: 1 | ||
40 | exit: 1 | ||
41 | exit_group: 1 | ||
42 | rt_sigreturn: 1 | ||
43 | getrlimit: 1 | ||
44 | madvise: 1 | ||
45 | clock_gettime: 1 | ||
46 | |||
47 | # used during process crash by crash_dump to dump process info | ||
48 | rt_sigprocmask: 1 | ||
49 | rt_sigaction: 1 | ||
50 | # socket: arg0 == AF_LOCAL | ||
51 | socket: arg0 == 1 | ||
52 | connect: 1 | ||
53 | recvmsg: 1 | ||
54 | rt_tgsigqueueinfo: 1 | ||