# Copyright (C) 2019 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. futex: 1 # ioctl calls are filtered via the selinux policy. ioctl: 1 sched_yield: 1 close: 1 dup: 1 ppoll: 1 mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE getuid: 1 getrlimit: 1 fstat: 1 newfstatat: 1 fstatfs: 1 memfd_create: 1 ftruncate: 1 # mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED) TODO: Once minijail # parser support for '<' is in this needs to be modified to also prevent # |old_address| and |new_address| from touching the exception vector page, which # on ARM is statically loaded at 0xffff 0000. See # http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html # for more details. mremap: arg3 == 3 || arg3 == MREMAP_MAYMOVE munmap: 1 prctl: 1 writev: 1 sigaltstack: 1 clone: 1 exit: 1 lseek: 1 rt_sigprocmask: 1 openat: 1 write: 1 nanosleep: 1 setpriority: 1 set_tid_address: 1 getdents64: 1 readlinkat: 1 read: 1 pread64: 1 gettimeofday: 1 faccessat: 1 exit_group: 1 restart_syscall: 1 rt_sigreturn: 1 getrandom: 1 madvise: 1 # crash dump policy additions clock_gettime: 1 getpid: 1 gettid: 1 pipe2: 1 recvmsg: 1 process_vm_readv: 1 tgkill: 1 rt_sigaction: 1 rt_tgsigqueueinfo: 1 #mprotect: arg2 in 0x1|0x2 munmap: 1 #mmap: arg2 in 0x1|0x2 geteuid: 1 getgid: 1 getegid: 1 getgroups: 1 sysinfo: 1 # Android profiler (heapprofd, traced_perf) additions, where not already # covered by the rest of the file, or by builtin minijail allow-listing of # logging-related syscalls. # TODO(b/197184220): this is a targeted addition for a specific investigation, # and addresses just the arm64 framework av service policies. In the future, we # should make this more general (e.g. a central file that can be @included in # other policy files). setsockopt: 1 sendmsg: 1 @include /apex/com.android.media.swcodec/etc/seccomp_policy/code_coverage.arm64.policy