// SECCOMP_MODE_STRICT read: 1 write: 1 exit: 1 rt_sigreturn: 1 #if !defined(__LP64__) sigreturn: 1 #endif exit_group: 1 clock_gettime: 1 gettimeofday: 1 futex: 1 getrandom: 1 getpid: 1 gettid: 1 ppoll: 1 pipe2: 1 openat: 1 dup: 1 close: 1 lseek: 1 getdents64: 1 faccessat: 1 recvmsg: 1 recvfrom: 1 process_vm_readv: 1 tgkill: 1 rt_sigprocmask: 1 rt_sigaction: 1 rt_tgsigqueueinfo: 1 #define PR_SET_VMA 0x53564d41 #if defined(__aarch64__) // PR_PAC_RESET_KEYS happens on aarch64 in pthread_create path. prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == PR_SET_VMA || arg0 == PR_PAC_RESET_KEYS #else prctl: arg0 == PR_GET_NO_NEW_PRIVS || arg0 == PR_SET_VMA #endif #if 0 libminijail on vendor partitions older than P does not have constants from . Define the values of PROT_READ and PROT_WRITE ourselves to maintain backwards compatibility. #else #define PROT_READ 0x1 #define PROT_WRITE 0x2 #endif madvise: 1 mprotect: arg2 in PROT_READ|PROT_WRITE munmap: 1 #if defined(__LP64__) getuid: 1 fstat: 1 mmap: arg2 in PROT_READ|PROT_WRITE #else getuid32: 1 fstat64: 1 mmap2: arg2 in PROT_READ|PROT_WRITE #endif // Needed for logging. #if defined(__LP64__) geteuid: 1 getgid: 1 getegid: 1 getgroups: 1 #else geteuid32: 1 getgid32: 1 getegid32: 1 getgroups32: 1 #endif