platform_bionic/libc/SECCOMP_WHITELIST.TXT

# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
# Note that the resultant policy is applied only to zygote spawned processes.
#
# Each non-blank, non-comment line has the following format:
#
# return_type func_name[|alias_list][:syscall_name[:socketcall_id]]([parameter_list]) arch_list
#
# where:
#       arch_list ::= "all" | arch+
#       arch      ::= "arm" | "arm64" | "mips" | "mips64" | "x86" | "x86_64"
#
# Note:
#      - syscall_name corresponds to the name of the syscall, which may differ from
#        the exported function name (example: the exit syscall is implemented by the _exit()
#        function, which is not the same as the standard C exit() function which calls it)

#      - alias_list is optional comma separated list of function aliases
#
#      - The call_id parameter, given that func_name and syscall_name have
#        been provided, allows the user to specify dispatch style syscalls.
#        For example, socket() syscall on i386 actually becomes:
#          socketcall(__NR_socket, 1, *(rest of args on stack)).
#
#      - Each parameter type is assumed to be stored in 32 bits.
#
# This file is processed by a python script named gensyscalls.py.

# syscalls needed to boot android
int	pivot_root:pivot_root(const char *new_root, const char *put_old)	arm64,x86_64,mips64
int	ioprio_get:ioprio_get(int which, int who)	arm64,x86_64,mips64
int	ioprio_set:ioprio_set(int which, int who, int ioprio)	arm64,x86_64,mips64
pid_t	gettid:gettid()	all
int	futex:futex(int *uaddr, int futex_op, int val, const struct timespec *timeout, int *uaddr2, int val3)	all
int	clone:clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ..) all
int	rt_sigreturn:rt_sigreturn(unsigned long __unused)	all
int	rt_tgsigqueueinfo:int rt_tgsigqueueinfo(pid_t tgid, pid_t tid, int sig, siginfo_t *uinfo)	all
int	restart_syscall:int restart_syscall()	all
int	getrandom:int getrandom(void *buf, size_t buflen, unsigned int flags) all
int	fstatat64|fstatat:newfstatat(int, const char*, struct stat*, int)	mips64
int	fstat64|fstat:fstat(int, struct stat*)	mips64
int	_flush_cache:cacheflush(char* addr, const int nbytes, const int op)	mips64

# Needed for performance tools
int	perf_event_open:perf_event_open(struct perf_event_attr *attr, pid_t pid, int cpu, int group_fd, unsigned long flags)	all

# Needed for strace
int	tkill:tkill(int tid, int sig)	all

# b/35034743
int	syncfs:syncfs(int fd)	all

# b/34763393
int	seccomp:seccomp(unsigned int operation, unsigned int flags, void *args)	all

# syscalls needed to boot android
int	sigreturn:sigreturn(unsigned long __unused)	arm,x86,mips

# Syscalls needed to run GFXBenchmark
pid_t	vfork:vfork()	arm,x86,x86_64

# Needed for debugging 32-bit Chrome
int	pipe:pipe(int pipefd[2])	arm,x86,mips

# b/34651972
int	access:access(const char *pathname, int mode)	arm,x86,mips
int	stat64:stat64(const char *restrict path, struct stat64 *restrict buf)	arm,x86,mips

# b/34813887
int	open:open(const char *path, int oflag, ... ) arm,x86,mips
int	getdents:getdents(unsigned int fd, struct linux_dirent *dirp, unsigned int count) arm,x86,mips

# b/34719286
int	eventfd:eventfd(unsigned int initval, int flags)	arm,x86,mips

# b/34817266
int	epoll_wait:epoll_wait(int epfd, struct epoll_event *events, int maxevents, int timeout)	arm,x86,mips

# Needed by sanitizers (b/34606909)
# 5 (__NR_open) and 195 (__NR_stat64) are also required, but they are
# already allowed.
ssize_t	readlink:readlink(const char *path, char *buf, size_t bufsiz)	arm,x86,mips

# b/34908783
int	epoll_create:epoll_create(int size)	arm,x86,mips

# b/34979910
int	creat:creat(const char *pathname, mode_t mode)	arm,x86,mips
int	unlink:unlink(const char *pathname)	arm,x86,mips

# b/35059702
int	lstat64:lstat64(const char *restrict path, struct stat64 *restrict buf)	arm,x86,mips

# b/35217603
int	fcntl:fcntl(int fd, int cmd, ... /* arg */ )	arm,x86,mips
pid_t	fork:fork()	arm,x86,mips
int	poll:poll(struct pollfd *fds, nfds_t nfds, int timeout)	arm,x86,mips

# b/35906875. Note mips already has getuid from SYSCALLS.TXT
int	inotify_init()	arm,x86,mips
uid_t	getuid()	arm,x86

# b/36435222
int	remap_file_pages(void *addr, size_t size, int prot, size_t pgoff, int flags)	arm,x86,mips

# b/36449658
int	rename(const char *oldpath, const char *newpath)	arm,x86,mips

# b/36726183. Note arm does not support mmap
void*	mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset)	x86,mips

# Useful new syscalls which we don't yet use in bionic.
int sched_getattr(pid_t pid, struct sched_attr* attr, unsigned int flags) all
int sched_setattr(pid_t pid, struct sched_attr* attr, unsigned int size, unsigned int flags) all
int memfd_create(const char* name, unsigned int flags) all
int renameat2(int olddirfd, const char* oldpath, int newdirfd, const char* newpath, unsigned int flags)  all
int execveat(int dirfd, const char* pathname, char* const* argv, char* const* envp, int flags)  all
ssize_t copy_file_range(int fd_in, loff_t* off_in, int fd_out, loff_t* off_out, size_t len, unsigned int flags) all
int mlock2(const void* addr, size_t len, int flags) all
ssize_t preadv2(int fd, const struct iovec* iov, int iovcnt, off_t offset, int flags) all
ssize_t pwritev2(int fd, const struct iovec* iov, int iovcnt, off_t offset, int flags) all

# b/37769298
int dup2(int oldfd, int newfd)	arm,x86,mips

# b/62779795
int compat_select:_newselect(int n, unsigned long* inp, unsigned long* outp, unsigned long* exp, struct timeval* timeout) arm,x86,mips

# b/62090571
int mkdir(const char *pathname, mode_t mode)	arm,x86,mips