1# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT. 2# Note that the resultant policy is applied only to zygote spawned processes. 3# 4# The final seccomp allowlist is SYSCALLS.TXT - SECCOMP_BLOCKLIST.TXT + SECCOMP_ALLOWLIST.TXT 5# Any entry in the blocklist must be in the syscalls file and not be in the allowlist file 6# 7# This file is processed by a python script named genseccomp.py. 8 9# Syscalls to modify IDs. 10# Note: Some privileged syscalls are still needed in app_process after fork but 11# before uid change, including capset and setresuid. This is because the seccomp 12# filter must be installed while the process still has CAP_SYS_ADMIN; changing 13# the uid would remove that capability. 14int setgid32(gid_t) lp32 15int setgid(gid_t) lp64 16int setuid32(uid_t) lp32 17int setuid(uid_t) lp64 18int setregid32(gid_t, gid_t) lp32 19int setregid(gid_t, gid_t) lp64 20int setreuid32(uid_t, uid_t) lp32 21int setreuid(uid_t, uid_t) lp64 22# setresuid is explicitly allowed, see above. 23int setfsgid32(gid_t) lp32 24int setfsgid(gid_t) lp64 25int setfsuid32(uid_t) lp32 26int setfsuid(uid_t) lp64 27int setgroups32(int, const gid_t*) lp32 28int setgroups(int, const gid_t*) lp64 29 30# Syscalls to modify times. 31int adjtimex(struct timex*) all 32int clock_adjtime(clockid_t, struct timex*) all 33int clock_settime(clockid_t, const struct timespec*) all 34int settimeofday(const struct timeval*, const struct timezone*) all 35 36int acct(const char* filepath) all 37int syslog(int, char*, int) all 38int chroot(const char*) all 39 40int init_module(void*, unsigned long, const char*) all 41int delete_module(const char*, unsigned int) all 42int mount(const char*, const char*, const char*, unsigned long, const void*) all 43int umount2(const char*, int) all 44int swapon(const char*, int) all 45int swapoff(const char*) all 46int setdomainname(const char*, size_t) all 47int sethostname(const char*, size_t) all 48int reboot(int, int, int, void*) all 49