2017-04-12 19:02:54 +02:00
|
|
|
# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
|
|
|
|
|
# Note that the resultant policy is applied only to zygote spawned processes.
|
|
|
|
|
#
|
|
|
|
|
# The final seccomp whitelist is SYSCALLS.TXT - SECCOMP_BLACKLIST.TXT + SECCOMP_WHITELIST.TXT
|
|
|
|
|
# Any entry in the blacklist must be in the syscalls file and not be in the whitelist file
|
|
|
|
|
#
|
|
|
|
|
# Each non-blank, non-comment line has the following format:
|
|
|
|
|
#
|
|
|
|
|
# return_type func_name[|alias_list][:syscall_name[:socketcall_id]]([parameter_list]) arch_list
|
|
|
|
|
#
|
|
|
|
|
# where:
|
|
|
|
|
# arch_list ::= "all" | arch+
|
|
|
|
|
# arch ::= "arm" | "arm64" | "mips" | "mips64" | "x86" | "x86_64"
|
|
|
|
|
#
|
|
|
|
|
# Note:
|
|
|
|
|
# - syscall_name corresponds to the name of the syscall, which may differ from
|
|
|
|
|
# the exported function name (example: the exit syscall is implemented by the _exit()
|
|
|
|
|
# function, which is not the same as the standard C exit() function which calls it)
|
|
|
|
|
|
|
|
|
|
# - alias_list is optional comma separated list of function aliases
|
|
|
|
|
#
|
|
|
|
|
# - The call_id parameter, given that func_name and syscall_name have
|
|
|
|
|
# been provided, allows the user to specify dispatch style syscalls.
|
|
|
|
|
# For example, socket() syscall on i386 actually becomes:
|
|
|
|
|
# socketcall(__NR_socket, 1, *(rest of args on stack)).
|
|
|
|
|
#
|
|
|
|
|
# - Each parameter type is assumed to be stored in 32 bits.
|
|
|
|
|
#
|
2017-12-20 18:19:22 +01:00
|
|
|
# This file is processed by a python script named genseccomp.py.
|
2017-04-12 19:02:54 +02:00
|
|
|
|
|
|
|
|
int swapon(const char*, int) all
|
|
|
|
|
int swapoff(const char*) all
|
