1# Copyright (C) 2019 The Android Open Source Project
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
# Entries written "name: 1" allow the syscall with any arguments. The only
# argument filters in this run are the mprotect and mmap rules.
15futex: 1
16# ioctl is allowed unconditionally here; calls are filtered via the selinux policy.
17ioctl: 1
18sched_yield: 1
19close: 1
20dup: 1
21ppoll: 1
# W^X: |prot| (arg2) must lack PROT_EXEC or lack PROT_WRITE, so a single
# mprotect/mmap call cannot request memory that is both writable and
# executable. Each call is checked on its own; the filter keeps no record of
# a page's earlier protections.
22mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
23mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
24getuid: 1
25getrlimit: 1
26fstat: 1
27newfstatat: 1
28fstatfs: 1
29memfd_create: 1
30ftruncate: 1
31
32# mremap: |flags| (arg3) must be MREMAP_MAYMOVE, alone or with MREMAP_FIXED
33# (the literal 3 below). TODO: once the minijail parser supports '<', extend
34# this to also keep |old_address| and |new_address| away from the exception
35# vector page, which on ARM is statically loaded at 0xffff0000. See
36# http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211h/Babfeega.html
37# for more details.
# NOTE(review): this file @includes an arm64 policy; confirm that the vector
# page concern, which the TODO states for ARM, still applies to this target.
38mremap: arg3 == 3 || arg3 == MREMAP_MAYMOVE
39munmap: 1
# NOTE(review): prctl and clone (below) are allowed with any arguments;
# consider argument filters if the service's actual usage is known.
40prctl: 1
41writev: 1
42sigaltstack: 1
43clone: 1
44exit: 1
45lseek: 1
46rt_sigprocmask: 1
47openat: 1
48write: 1
49nanosleep: 1
50setpriority: 1
51set_tid_address: 1
52getdents64: 1
53readlinkat: 1
54read: 1
55pread64: 1
56gettimeofday: 1
57faccessat: 1
58exit_group: 1
59restart_syscall: 1
60rt_sigreturn: 1
61getrandom: 1
62madvise: 1
63
64# crash dump policy additions
65clock_gettime: 1
66getpid: 1
67gettid: 1
68pipe2: 1
69recvmsg: 1
# process_vm_readv is allowed with any arguments, so this filter does not
# limit which process can be read; presumably other layers (kernel ptrace
# access checks, SELinux) do. Confirm.
70process_vm_readv: 1
71tgkill: 1
72rt_sigaction: 1
73rt_tgsigqueueinfo: 1
# The commented-out mprotect and mmap rules in this section are inactive; the
# rules in force are the ones defined earlier in this file.
74#mprotect: arg2 in 0x1|0x2
# NOTE(review): munmap is already allowed earlier in this file, so this entry
# is redundant. Confirm that the minijail version in use accepts a repeated
# syscall entry.
75munmap: 1
76#mmap: arg2 in 0x1|0x2
77geteuid: 1
78getgid: 1
79getegid: 1
80getgroups: 1
81sysinfo: 1
82
83# Android profiler (heapprofd, traced_perf) additions, where not already
84# covered by the rest of the file, or by builtin minijail allow-listing of
85# logging-related syscalls.
86# TODO(b/197184220): this is a targeted addition for a specific investigation,
87# and addresses just the arm64 framework av service policies. In the future, we
88# should make this more general (e.g. a central file that can be @included in
89# other policy files).
# Only setsockopt and sendmsg are added here; recvmsg is already allowed by
# the crash dump additions earlier in this file. Both entries are allowed with
# any arguments.
90setsockopt: 1
91sendmsg: 1
92
# Pulls in further rules from the code-coverage policy under the swcodec APEX.
# Its contents are not visible in this file, so the effective allow-list is
# this file plus whatever that policy permits; review the two together.
93@include /apex/com.android.media.swcodec/etc/seccomp_policy/code_coverage.arm64.policy
94