040c28a023
521b41 "Allow system processes to use vfork" ed74ab "Move some syscalls in commmon whitelist to app" An implementation bug actually assigns the system seccomp filter to all processes after zygote forks. Test: the apps in the bug no longer crashes. Bug: 76461821
26 lines
1.2 KiB
Text
26 lines
1.2 KiB
Text
# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
|
|
# Note that the resultant policy is applied only to zygote spawned processes.
|
|
#
|
|
# Each non-blank, non-comment line has the following format:
|
|
#
|
|
# return_type func_name[|alias_list][:syscall_name[:socketcall_id]]([parameter_list]) arch_list
|
|
#
|
|
# where:
|
|
# arch_list ::= "all" | arch+
|
|
# arch ::= "arm" | "arm64" | "mips" | "mips64" | "x86" | "x86_64"
|
|
#
|
|
# Note:
|
|
# - syscall_name corresponds to the name of the syscall, which may differ from
|
|
# the exported function name (example: the exit syscall is implemented by the _exit()
|
|
# function, which is not the same as the standard C exit() function which calls it)
|
|
|
|
# - alias_list is optional comma separated list of function aliases
|
|
#
|
|
# - The call_id parameter, given that func_name and syscall_name have
|
|
# been provided, allows the user to specify dispatch style syscalls.
|
|
# For example, socket() syscall on i386 actually becomes:
|
|
# socketcall(__NR_socket, 1, *(rest of args on stack)).
|
|
#
|
|
# - Each parameter type is assumed to be stored in 32 bits.
|
|
#
|
|
# This file is processed by a python script named genseccomp.py.
|