60f3ed41a3
The netd service and system server will use bpf syscalls to get network stats information when kernel supported. And the syscall from system server will need seccomp permission to run it. Test: -m CtsNetTestCases -t android.net.cts.TrafficStatsTest Bug: 30950746 Change-Id: I01c46f243dca0933a44cbfd3148f9e4748f9bc99
28 lines
1.3 KiB
Text
28 lines
1.3 KiB
Text
# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
|
|
# Note that the resultant policy is applied only to zygote spawned processes.
|
|
#
|
|
# Each non-blank, non-comment line has the following format:
|
|
#
|
|
# return_type func_name[|alias_list][:syscall_name[:socketcall_id]]([parameter_list]) arch_list
|
|
#
|
|
# where:
|
|
# arch_list ::= "all" | arch+
|
|
# arch ::= "arm" | "arm64" | "mips" | "mips64" | "x86" | "x86_64"
|
|
#
|
|
# Note:
|
|
# - syscall_name corresponds to the name of the syscall, which may differ from
|
|
# the exported function name (example: the exit syscall is implemented by the _exit()
|
|
# function, which is not the same as the standard C exit() function which calls it)
|
|
|
|
# - alias_list is optional comma separated list of function aliases
|
|
#
|
|
# - The call_id parameter, given that func_name and syscall_name have
|
|
# been provided, allows the user to specify dispatch style syscalls.
|
|
# For example, socket() syscall on i386 actually becomes:
|
|
# socketcall(__NR_socket, 1, *(rest of args on stack)).
|
|
#
|
|
# - Each parameter type is assumed to be stored in 32 bits.
|
|
#
|
|
# This file is processed by a python script named genseccomp.py.
|
|
|
|
int bpf(int cmd, union bpf_attr *attr, unsigned int size) all
|