1*bb4ee6a4SAndroid Build Coastguard Worker# Copyright 2017 The ChromiumOS Authors 2*bb4ee6a4SAndroid Build Coastguard Worker# Use of this source code is governed by a BSD-style license that can be 3*bb4ee6a4SAndroid Build Coastguard Worker# found in the LICENSE file. 4*bb4ee6a4SAndroid Build Coastguard Worker 5*bb4ee6a4SAndroid Build Coastguard Workerclose: 1 6*bb4ee6a4SAndroid Build Coastguard Workerdup: 1 7*bb4ee6a4SAndroid Build Coastguard Workerdup2: 1 8*bb4ee6a4SAndroid Build Coastguard Workerexecve: 1 9*bb4ee6a4SAndroid Build Coastguard Workerexit_group: 1 10*bb4ee6a4SAndroid Build Coastguard Workerfutex: 1 11*bb4ee6a4SAndroid Build Coastguard Workerkill: 1 12*bb4ee6a4SAndroid Build Coastguard Workerlseek: 1 13*bb4ee6a4SAndroid Build Coastguard Workermprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE 14*bb4ee6a4SAndroid Build Coastguard Workermunmap: 1 15*bb4ee6a4SAndroid Build Coastguard Workerread: 1 16*bb4ee6a4SAndroid Build Coastguard Workerrecvfrom: 1 17*bb4ee6a4SAndroid Build Coastguard Workersched_getaffinity: 1 18*bb4ee6a4SAndroid Build Coastguard Workerset_robust_list: 1 19*bb4ee6a4SAndroid Build Coastguard Workersigaltstack: 1 20*bb4ee6a4SAndroid Build Coastguard Worker# Disallow clone's other than new threads. 21*bb4ee6a4SAndroid Build Coastguard Workerclone: arg0 & 0x00010000 22*bb4ee6a4SAndroid Build Coastguard Workerclone3: 1 23*bb4ee6a4SAndroid Build Coastguard Workerwrite: 1 24*bb4ee6a4SAndroid Build Coastguard Workereventfd2: 1 25*bb4ee6a4SAndroid Build Coastguard Workerpoll: 1 26*bb4ee6a4SAndroid Build Coastguard Workergetpid: 1 27*bb4ee6a4SAndroid Build Coastguard Workergetppid: 1 28*bb4ee6a4SAndroid Build Coastguard Worker# Allow PR_SET_NAME only. 29*bb4ee6a4SAndroid Build Coastguard Workerprctl: arg0 == 15 30*bb4ee6a4SAndroid Build Coastguard Workerrseq: 1 31*bb4ee6a4SAndroid Build Coastguard Workeraccess: 1 32*bb4ee6a4SAndroid Build Coastguard Workerarch_prctl: 1 33*bb4ee6a4SAndroid Build Coastguard Workerbrk: 1 34*bb4ee6a4SAndroid Build Coastguard Workerexit: 1 35*bb4ee6a4SAndroid Build Coastguard Workerfcntl: 1 36*bb4ee6a4SAndroid Build Coastguard Workerfstat: 1 37*bb4ee6a4SAndroid Build Coastguard Workerftruncate: 1 38*bb4ee6a4SAndroid Build Coastguard Workergetcwd: 1 39*bb4ee6a4SAndroid Build Coastguard Workergetrlimit: 1 40*bb4ee6a4SAndroid Build Coastguard Worker# TUNGETFEATURES 41*bb4ee6a4SAndroid Build Coastguard Workerioctl: arg1 == 0x800454CF 42*bb4ee6a4SAndroid Build Coastguard Workermadvise: 1 43*bb4ee6a4SAndroid Build Coastguard Workermemfd_create: 1 44*bb4ee6a4SAndroid Build Coastguard Workermmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE 45*bb4ee6a4SAndroid Build Coastguard Workeropen: 1 46*bb4ee6a4SAndroid Build Coastguard Workeropenat: 1 47*bb4ee6a4SAndroid Build Coastguard Workerprlimit64: arg2 == 0 && arg3 != 0 48*bb4ee6a4SAndroid Build Coastguard Workerrecvmsg: 1 49*bb4ee6a4SAndroid Build Coastguard Workerrestart_syscall: 1 50*bb4ee6a4SAndroid Build Coastguard Workerrt_sigaction: 1 51*bb4ee6a4SAndroid Build Coastguard Workerrt_sigprocmask: 1 52*bb4ee6a4SAndroid Build Coastguard Workersendmsg: 1 53*bb4ee6a4SAndroid Build Coastguard Workerset_tid_address: 1 54*bb4ee6a4SAndroid Build Coastguard Workerstat: 1 55*bb4ee6a4SAndroid Build Coastguard Workerwritev: 1 56