# Copyright (C) 2019 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Seccomp syscall allow-list in minijail policy syntax (arm64, going by the
# @include at the end of the file and the TODO in the profiler section).
#   name: 1       allows the syscall with any arguments.
#   name: <expr>  allows it only when the argument expression holds.
# A syscall that is not listed here or in the included file is rejected by
# the filter. NOTE(review): minijail's default action is to kill the caller;
# confirm how the service that loads this policy is configured.

futex: 1
# ioctl calls are filtered via the selinux policy.
# This rule is unconditional, so seccomp adds no ioctl restriction of its own:
# the SELinux ioctl allow-list is the only control on request numbers.
ioctl: 1
sched_yield: 1
close: 1
dup: 1
ppoll: 1
# arg2 is |prot|. "in ~FLAG" requires every set bit to lie inside the mask,
# i.e. FLAG must be clear. The rule passes when PROT_EXEC is clear or
# PROT_WRITE is clear, so only a request for both at once is rejected.
# It does not stop a region from being writable first and executable later
# through separate calls; that has to be enforced by another layer.
mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
getuid: 1
getrlimit: 1
fstat: 1
newfstatat: 1
fstatfs: 1
memfd_create: 1
ftruncate: 1

# mremap: Ensure |flags| are (MREMAP_MAYMOVE | MREMAP_FIXED), which is the
# literal 3 in the rule below. The rule also accepts MREMAP_MAYMOVE on its
# own; any other |flags| value, including 0, is rejected.
# TODO: Once minijail parser support for '<' is in this needs to be modified
# to also prevent |old_address| and |new_address| from touching the exception
# vector page, which on ARM is statically loaded at 0xffff0000. See
# http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html
# for more details.
# NOTE(review): the address in this TODO describes 32-bit ARM; confirm
# whether it still applies to this arm64 policy.
mremap: arg3 == 3 || arg3 == MREMAP_MAYMOVE
munmap: 1
# NOTE(review): prctl, clone and openat are allowed with any arguments, so
# this filter does not limit prctl options, clone flags or the paths that
# can be opened. Presumably SELinux and file permissions bound these;
# confirm.
prctl: 1
writev: 1
sigaltstack: 1
clone: 1
exit: 1
lseek: 1
rt_sigprocmask: 1
openat: 1
write: 1
nanosleep: 1
setpriority: 1
set_tid_address: 1
getdents64: 1
readlinkat: 1
read: 1
pread64: 1
gettimeofday: 1
faccessat: 1
exit_group: 1
restart_syscall: 1
rt_sigreturn: 1
getrandom: 1
madvise: 1

# crash dump policy additions
# Extra syscalls allowed so crash dumping can run inside this sandbox.
clock_gettime: 1
getpid: 1
gettid: 1
pipe2: 1
recvmsg: 1
# process_vm_readv reads another process's memory. The filter places no
# condition on the target pid, so any limit comes from the kernel's own
# access checks.
process_vm_readv: 1
tgkill: 1
rt_sigaction: 1
rt_tgsigqueueinfo: 1
# Disabled variant that would limit |prot| to PROT_READ|PROT_WRITE (0x1|0x2).
# The mprotect rule near the top of the file is the one in force.
#mprotect: arg2 in 0x1|0x2
# NOTE(review): munmap is already allowed above, so this entry is a repeat.
# Confirm the minijail build in use accepts duplicate entries.
munmap: 1
# Disabled variant, as for mprotect above; the earlier mmap rule applies.
#mmap: arg2 in 0x1|0x2
geteuid: 1
getgid: 1
getegid: 1
getgroups: 1
sysinfo: 1

# Android profiler (heapprofd, traced_perf) additions, where not already
# covered by the rest of the file, or by builtin minijail allow-listing of
# logging-related syscalls.
# TODO(b/197184220): this is a targeted addition for a specific investigation,
# and addresses just the arm64 framework av service policies. In the future, we
# should make this more general (e.g. a central file that can be @included in
# other policy files).
# Both entries are unconditional: socket options and message destinations are
# not constrained by this filter.
setsockopt: 1
sendmsg: 1

# Rules from the included file are added to this allow-list, so the effective
# policy is this file plus code_coverage.arm64.policy. Review the two together.
@include /apex/com.android.media.swcodec/etc/seccomp_policy/code_coverage.arm64.policy