Revert system seccomp filter changes
521b41 "Allow system processes to use vfork"
ed74ab "Move some syscalls in commmon whitelist to app"
An implementation bug actually assigns the system seccomp filter to all
processes after zygote forks.
Test: the apps in the bug no longer crash.
Bug: 76461821
diff --git a/libc/SECCOMP_WHITELIST_COMMON.TXT b/libc/SECCOMP_WHITELIST_COMMON.TXT
index 08a2c2b..a620b44 100644
--- a/libc/SECCOMP_WHITELIST_COMMON.TXT
+++ b/libc/SECCOMP_WHITELIST_COMMON.TXT
@@ -39,9 +39,6 @@
int fstat64|fstat:fstat(int, struct stat*) mips64
int _flush_cache:cacheflush(char* addr, const int nbytes, const int op) mips64
-# vfork is used by java.lang.ProcessBuilder
-pid_t vfork:vfork() arm,x86,x86_64
-
# Needed for performance tools
int perf_event_open:perf_event_open(struct perf_event_attr *attr, pid_t pid, int cpu, int group_fd, unsigned long flags) all
@@ -54,11 +51,59 @@
# syscalls needed to boot android
int sigreturn:sigreturn(unsigned long __unused) arm,x86,mips
+# Syscalls needed to run GFXBenchmark
+pid_t vfork:vfork() arm,x86,x86_64
+
+# Needed for debugging 32-bit Chrome
+int pipe:pipe(int pipefd[2]) arm,x86,mips
+
+# b/34651972
+int access:access(const char *pathname, int mode) arm,x86,mips
+int stat64:stat64(const char*, struct stat64*) arm,x86,mips
+
+# b/34813887
+int open:open(const char *path, int oflag, ... ) arm,x86,mips
+int getdents:getdents(unsigned int fd, struct linux_dirent *dirp, unsigned int count) arm,x86,mips
+
+# b/34719286
+int eventfd:eventfd(unsigned int initval, int flags) arm,x86,mips
+
+# b/34817266
+int epoll_wait:epoll_wait(int epfd, struct epoll_event *events, int maxevents, int timeout) arm,x86,mips
+
# Needed by sanitizers (b/34606909)
# 5 (__NR_open) and 195 (__NR_stat64) are also required, but they are
# already allowed.
ssize_t readlink:readlink(const char *path, char *buf, size_t bufsiz) arm,x86,mips
+# b/34908783
+int epoll_create:epoll_create(int size) arm,x86,mips
+
+# b/34979910
+int creat:creat(const char *pathname, mode_t mode) arm,x86,mips
+int unlink:unlink(const char *pathname) arm,x86,mips
+
+# b/35059702
+int lstat64:lstat64(const char*, struct stat64*) arm,x86,mips
+
+# b/35217603
+int fcntl:fcntl(int fd, int cmd, ... /* arg */ ) arm,x86,mips
+pid_t fork:fork() arm,x86,mips
+int poll:poll(struct pollfd *fds, nfds_t nfds, int timeout) arm,x86,mips
+
+# b/35906875. Note mips already has getuid from SYSCALLS.TXT
+int inotify_init() arm,x86,mips
+uid_t getuid() arm,x86
+
+# b/36435222
+int remap_file_pages(void *addr, size_t size, int prot, size_t pgoff, int flags) arm,x86,mips
+
+# b/36449658
+int rename(const char *oldpath, const char *newpath) arm,x86,mips
+
+# b/36726183. Note arm does not support mmap
+void* mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset) x86,mips
+
# Useful new syscalls which we don't yet use in bionic.
int sched_getattr(pid_t pid, struct sched_attr* attr, unsigned int flags) all
int sched_setattr(pid_t pid, struct sched_attr* attr, unsigned int size, unsigned int flags) all
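Review bot: The entries restored after `sigreturn` (`vfork` through `mmap`) carry no marker that they sit in the common list only as a workaround, so nothing prompts anyone to narrow the system filter again once the filter-assignment bug described in the commit message is fixed. If the common list feeds both the app and system filters, as the file name and the reverted ed74ab suggest, then `fork`, `vfork`, `open`, `creat`, `unlink` and `rename` become available to system processes as well. I would add a header comment above the block, for example `# TODO(b/76461821): intended for the app filter only; move back once app and system filters are assigned correctly.` The same applies to the `dup2`, `_newselect` and `mkdir` entries added in the last hunk. Most entries are justified only by a bug number; a few words naming the consumer, as the `vfork` and Chrome comments already do, would make later pruning of the allowlist easier.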
@@ -74,3 +119,12 @@
int io_submit(aio_context_t ctx, long nr, struct iocb **iocbpp) all
int io_getevents(aio_context_t ctx, long min_nr, long max_nr, struct io_event *events, struct timespec *timeout) all
int io_cancel(aio_context_t ctx, struct iocb *, struct io_event *result) all
+
+# b/37769298
+int dup2(int oldfd, int newfd) arm,x86,mips
+
+# b/62779795
+int compat_select:_newselect(int n, unsigned long* inp, unsigned long* outp, unsigned long* exp, struct timeval* timeout) arm,x86,mips
+
+# b/62090571
+int mkdir(const char *pathname, mode_t mode) arm,x86,mips