Use more inclusive language for seccomp filter

blacklist and whitelist are replaced with blocklist and allowlist
respectively.

Test: CtsSeccompHostTestCases
Change-Id: I39d9eda89038d1addbdaed59284a254a34cea1c6

libc/Android.bp

@@ -2360,11 +2360,11 @@ cc_genrule {
     ],
 }
 
-// SECCOMP_BLACKLIST_APP_ZYGOTE.TXT = SECCOMP_BLACKLIST_APP.txt - setresgid*
+// SECCOMP_BLOCKLIST_APP_ZYGOTE.TXT = SECCOMP_BLOCKLIST_APP.txt - setresgid*
 genrule {
-    name: "generate_app_zygote_blacklist",
-    out: ["SECCOMP_BLACKLIST_APP_ZYGOTE.TXT"],
-    srcs: ["SECCOMP_BLACKLIST_APP.TXT"],
+    name: "generate_app_zygote_blocklist",
+    out: ["SECCOMP_BLOCKLIST_APP_ZYGOTE.TXT"],
+    srcs: ["SECCOMP_BLOCKLIST_APP.TXT"],
     cmd: "grep -v '^int[ \t]*setresgid' $(in) > $(out)",
 }
 
@@ -2377,11 +2377,11 @@ cc_genrule {
 
     srcs: [
         "SYSCALLS.TXT",
-        "SECCOMP_WHITELIST_COMMON.TXT",
-        "SECCOMP_WHITELIST_APP.TXT",
-        "SECCOMP_BLACKLIST_COMMON.TXT",
+        "SECCOMP_ALLOWLIST_COMMON.TXT",
+        "SECCOMP_ALLOWLIST_APP.TXT",
+        "SECCOMP_BLOCKLIST_COMMON.TXT",
         "SECCOMP_PRIORITY.TXT",
-        ":generate_app_zygote_blacklist",
+        ":generate_app_zygote_blocklist",
         ":libseccomp_gen_syscall_nrs_arm",
         ":libseccomp_gen_syscall_nrs_arm64",
         ":libseccomp_gen_syscall_nrs_x86",
@@ -2405,10 +2405,10 @@ cc_genrule {
 
     srcs: [
         "SYSCALLS.TXT",
-        "SECCOMP_WHITELIST_COMMON.TXT",
-        "SECCOMP_WHITELIST_APP.TXT",
-        "SECCOMP_BLACKLIST_COMMON.TXT",
-        "SECCOMP_BLACKLIST_APP.TXT",
+        "SECCOMP_ALLOWLIST_COMMON.TXT",
+        "SECCOMP_ALLOWLIST_APP.TXT",
+        "SECCOMP_BLOCKLIST_COMMON.TXT",
+        "SECCOMP_BLOCKLIST_APP.TXT",
         "SECCOMP_PRIORITY.TXT",
         ":libseccomp_gen_syscall_nrs_arm",
         ":libseccomp_gen_syscall_nrs_arm64",
@@ -2433,9 +2433,9 @@ cc_genrule {
 
     srcs: [
         "SYSCALLS.TXT",
-        "SECCOMP_WHITELIST_COMMON.TXT",
-        "SECCOMP_WHITELIST_SYSTEM.TXT",
-        "SECCOMP_BLACKLIST_COMMON.TXT",
+        "SECCOMP_ALLOWLIST_COMMON.TXT",
+        "SECCOMP_ALLOWLIST_SYSTEM.TXT",
+        "SECCOMP_BLOCKLIST_COMMON.TXT",
         "SECCOMP_PRIORITY.TXT",
         ":libseccomp_gen_syscall_nrs_arm",
         ":libseccomp_gen_syscall_nrs_arm64",

libc/SECCOMP_ALLOWLIST_APP.TXT

@@ -1,4 +1,4 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
 # Note that the resultant policy is applied only to zygote spawned processes.
 #
 # This file is processed by a python script named genseccomp.py.

libc/SECCOMP_ALLOWLIST_COMMON.TXT

@@ -1,4 +1,4 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
 # Note that the resultant policy is applied only to zygote spawned processes.
 #
 # This file is processed by a python script named genseccomp.py.

libc/SECCOMP_ALLOWLIST_SYSTEM.TXT

@@ -1,4 +1,4 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
 # Note that the resultant policy is applied only to zygote spawned processes.
 #
 # This file is processed by a python script named genseccomp.py.

libc/SECCOMP_BLACKLIST_COMMON.TXT

@@ -1,10 +0,0 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
-# Note that the resultant policy is applied only to zygote spawned processes.
-#
-# The final seccomp whitelist is SYSCALLS.TXT - SECCOMP_BLACKLIST.TXT + SECCOMP_WHITELIST.TXT
-# Any entry in the blacklist must be in the syscalls file and not be in the whitelist file
-#
-# This file is processed by a python script named genseccomp.py.
-
-int     swapon(const char*, int) all
-int     swapoff(const char*) all

libc/SECCOMP_BLOCKLIST_APP.TXT

@@ -1,8 +1,8 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
 # Note that the resultant policy is applied only to zygote spawned processes.
 #
-# The final seccomp whitelist is SYSCALLS.TXT - SECCOMP_BLACKLIST.TXT + SECCOMP_WHITELIST.TXT
-# Any entry in the blacklist must be in the syscalls file and not be in the whitelist file
+# The final seccomp allowlist is SYSCALLS.TXT - SECCOMP_BLOCKLIST.TXT + SECCOMP_ALLOWLIST.TXT
+# Any entry in the blocklist must be in the syscalls file and not be in the allowlist file
 #
 # This file is processed by a python script named genseccomp.py.
 

libc/SECCOMP_BLOCKLIST_COMMON.TXT

@@ -0,0 +1,10 @@
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
+# Note that the resultant policy is applied only to zygote spawned processes.
+#
+# The final seccomp allowlist is SYSCALLS.TXT - SECCOMP_BLOCKLIST.TXT + SECCOMP_ALLOWLIST.TXT
+# Any entry in the blocklist must be in the syscalls file and not be in the allowlist file
+#
+# This file is processed by a python script named genseccomp.py.
+
+int     swapon(const char*, int) all
+int     swapoff(const char*) all

libc/SECCOMP_PRIORITY.TXT

@@ -1,4 +1,4 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
 # Note that the resultant policy is applied only to zygote spawned processes.
 #
 # This file is processed by a python script named genseccomp.py.

libc/seccomp/seccomp_policy.cpp

@@ -140,12 +140,12 @@ static void ValidateSyscallArgInRange(filter& f, __u32 arg_num, __u32 range_min,
     Disallow(f);
 }
 
-// This filter is meant to be installed in addition to a regular whitelist filter.
+// This filter is meant to be installed in addition to a regular allowlist filter.
 // Therefore, it's default action has to be Allow, except when the evaluated
 // system call matches setresuid/setresgid and the arguments don't fall within the
 // passed in range.
 //
-// The regular whitelist only allows setresuid/setresgid for UID/GID changes, so
+// The regular allowlist only allows setresuid/setresgid for UID/GID changes, so
 // that's the only system call we need to check here. A CTS test ensures the other
 // calls will remain blocked.
 static void ValidateSetUidGid(filter& f, uint32_t uid_gid_min, uint32_t uid_gid_max, bool primary) {

libc/tools/genseccomp.py

@@ -56,12 +56,12 @@ def load_syscall_priorities_from_file(file_path):
   return priorities
 
 
-def merge_names(base_names, whitelist_names, blacklist_names):
-  if bool(blacklist_names - base_names):
-    raise RuntimeError("Blacklist item not in bionic - aborting " + str(
-        blacklist_names - base_names))
+def merge_names(base_names, allowlist_names, blocklist_names):
+  if bool(blocklist_names - base_names):
+    raise RuntimeError("blocklist item not in bionic - aborting " + str(
+        blocklist_names - base_names))
 
-  return (base_names - blacklist_names) | whitelist_names
+  return (base_names - blocklist_names) | allowlist_names
 
 
 def extract_priority_syscalls(syscalls, priorities):
@@ -230,19 +230,19 @@ def construct_bpf(syscalls, architecture, name_modifier, priorities):
 def gen_policy(name_modifier, out_dir, base_syscall_file, syscall_files, syscall_NRs, priority_file):
   for arch in SupportedArchitectures:
     base_names = load_syscall_names_from_file(base_syscall_file, arch)
-    whitelist_names = set()
-    blacklist_names = set()
+    allowlist_names = set()
+    blocklist_names = set()
     for f in syscall_files:
-      if "blacklist" in f.lower():
-        blacklist_names |= load_syscall_names_from_file(f, arch)
+      if "blocklist" in f.lower():
+        blocklist_names |= load_syscall_names_from_file(f, arch)
       else:
-        whitelist_names |= load_syscall_names_from_file(f, arch)
+        allowlist_names |= load_syscall_names_from_file(f, arch)
     priorities = []
     if priority_file:
       priorities = load_syscall_priorities_from_file(priority_file)
 
     allowed_syscalls = []
-    for name in merge_names(base_names, whitelist_names, blacklist_names):
+    for name in merge_names(base_names, allowlist_names, blocklist_names):
       try:
         allowed_syscalls.append((name, syscall_NRs[arch][name]))
       except:
@@ -274,8 +274,8 @@ def main():
                       help=("The path of the input files. In order to "
                             "simplify the build rules, it can take any of the "
                             "following files: \n"
-                            "* /blacklist.*\.txt$/ syscall blacklist.\n"
-                            "* /whitelist.*\.txt$/ syscall whitelist.\n"
+                            "* /blocklist.*\.txt$/ syscall blocklist.\n"
+                            "* /allowlist.*\.txt$/ syscall allowlist.\n"
                             "* /priority.txt$/ priorities for bpf rules.\n"
                             "* otherwise, syscall name-number mapping.\n"))
   args = parser.parse_args()

libc/tools/test_genseccomp.py

@@ -29,20 +29,20 @@ int __llseek:_llseek(int, unsigned long, unsigned long, off64_t*, int) arm,x86
 int         fchown:fchown(int, uid_t, gid_t)    arm64,x86_64
     """))
 
-    whitelist = cStringIO.StringIO(textwrap.dedent("""\
+    allowlist = cStringIO.StringIO(textwrap.dedent("""\
 ssize_t     read(int, void*, size_t)        all
     """))
 
     empty = cStringIO.StringIO(textwrap.dedent("""\
     """))
 
-    names = genseccomp.get_names([bionic, whitelist, empty], "arm")
+    names = genseccomp.get_names([bionic, allowlist, empty], "arm")
     bionic.seek(0)
-    whitelist.seek(0)
+    allowlist.seek(0)
     empty.seek(0)
-    names64 = genseccomp.get_names([bionic, whitelist, empty], "arm64")
+    names64 = genseccomp.get_names([bionic, allowlist, empty], "arm64")
     bionic.seek(0)
-    whitelist.seek(0)
+    allowlist.seek(0)
     empty.seek(0)
 
     self.assertIn("fchown", names64)
@@ -52,45 +52,45 @@ ssize_t     read(int, void*, size_t)        all
     self.assertIn("read", names)
     self.assertIn("read", names64)
 
-    # Blacklist item must be in bionic
-    blacklist = cStringIO.StringIO(textwrap.dedent("""\
+    # Blocklist item must be in bionic
+    blocklist = cStringIO.StringIO(textwrap.dedent("""\
 int         fchown2:fchown2(int, uid_t, gid_t)    arm64,x86_64
     """))
     with self.assertRaises(RuntimeError):
-      genseccomp.get_names([bionic, whitelist, blacklist], "arm")
+      genseccomp.get_names([bionic, allowlist, blocklist], "arm")
     bionic.seek(0)
-    whitelist.seek(0)
-    blacklist.seek(0)
+    allowlist.seek(0)
+    blocklist.seek(0)
 
-    # Test blacklist item is removed
-    blacklist = cStringIO.StringIO(textwrap.dedent("""\
+    # Test blocklist item is removed
+    blocklist = cStringIO.StringIO(textwrap.dedent("""\
 int         fchown:fchown(int, uid_t, gid_t)    arm64,x86_64
     """))
-    names = genseccomp.get_names([bionic, whitelist, blacklist], "arm64")
+    names = genseccomp.get_names([bionic, allowlist, blocklist], "arm64")
     bionic.seek(0)
-    whitelist.seek(0)
-    blacklist.seek(0)
+    allowlist.seek(0)
+    blocklist.seek(0)
     self.assertIn("read", names)
     self.assertNotIn("fchown", names)
 
-    # Blacklist item must not be in whitelist
-    whitelist = cStringIO.StringIO(textwrap.dedent("""\
+    # Blocklist item must not be in allowlist
+    allowlist = cStringIO.StringIO(textwrap.dedent("""\
 int         fchown:fchown(int, uid_t, gid_t)    arm64,x86_64
     """))
     with self.assertRaises(RuntimeError):
-      genseccomp.get_names([empty, whitelist, blacklist], "arm")
+      genseccomp.get_names([empty, allowlist, blocklist], "arm")
     empty.seek(0)
-    whitelist.seek(0)
-    blacklist.seek(0)
+    allowlist.seek(0)
+    blocklist.seek(0)
 
-    # No dups in bionic and whitelist
-    whitelist = cStringIO.StringIO(textwrap.dedent("""\
+    # No dups in bionic and allowlist
+    allowlist = cStringIO.StringIO(textwrap.dedent("""\
 int __llseek:_llseek(int, unsigned long, unsigned long, off64_t*, int) arm,x86
     """))
     with self.assertRaises(RuntimeError):
-      genseccomp.get_names([bionic, whitelist, empty], "arm")
+      genseccomp.get_names([bionic, allowlist, empty], "arm")
     bionic.seek(0)
-    whitelist.seek(0)
+    allowlist.seek(0)
     empty.seek(0)
 
   def test_convert_names_to_NRs(self):
@@ -186,14 +186,14 @@ int __llseek:_llseek(int, unsigned long, unsigned long, off64_t*, int) arm,x86
     int         fchown:fchown(int, uid_t, gid_t)    arm64,x86_64
     """))
 
-    whitelist = cStringIO.StringIO(textwrap.dedent("""\
+    allowlist = cStringIO.StringIO(textwrap.dedent("""\
     ssize_t     read(int, void*, size_t)        all
     """))
 
-    blacklist = cStringIO.StringIO(textwrap.dedent("""\
+    blocklist = cStringIO.StringIO(textwrap.dedent("""\
     """))
 
-    syscall_files = [syscalls, whitelist, blacklist]
+    syscall_files = [syscalls, allowlist, blocklist]
     output = genseccomp.construct_bpf(syscall_files, "arm", self.get_headers("arm"),
                                       self.get_switches("arm"))