// SECCOMP_MODE_STRICT
//
// minijail allowances for code coverage
// this is processed with generate.sh, so we can use appropriate directives
// size specific: __LP64__ for 64 bit, else 32 bit
// arch specific: __arm__, __aarch64__, __i386__, __x86_64__

// includes *all* syscalls used during the coverage dumping
// no skipping just because they might have been in another policy file.

// coverage tool uses different operations on different passes
// 1st: uses write() to fill the file
// 2nd-Nth: uses mmap() to update in place

close: 1
// fchmod allowed to set libprofile-clang-extras, which wraps `open` calls, to
// set correct permission for coverage files.
fchmod: 1
mkdirat: 1
msync: 1
munmap: 1
openat: 1
write: 1

#if     defined(__LP64__)
fcntl: 1
fstat: 1
ftruncate: 1
geteuid: 1
lseek: 1
mmap: 1
rt_sigreturn: 1
#else
fcntl64: 1
fstat64: 1
ftruncate64: 1
geteuid32: 1
_llseek: 1
mmap2: 1
sigreturn: 1
#endif

#if     defined(__arm__)
gettimeofday: 1
#endif

#if     defined(__i386__)
madvise: 1
#endif

#if     defined(__arm__)
prctl: 1
#elif   defined(__aarch64__)
prctl: 1
#endif