Use more inclusive language for seccomp filter
blacklist and whitelist are replaced with blocklist and allowlist
respectively.
Test: CtsSeccompHostTestCases
Change-Id: I39d9eda89038d1addbdaed59284a254a34cea1c6
diff --git a/libc/Android.bp b/libc/Android.bp
index 537b8cc..f4643a9 100644
--- a/libc/Android.bp
+++ b/libc/Android.bp
@@ -2360,11 +2360,11 @@
],
}
-// SECCOMP_BLACKLIST_APP_ZYGOTE.TXT = SECCOMP_BLACKLIST_APP.txt - setresgid*
+// SECCOMP_BLOCKLIST_APP_ZYGOTE.TXT = SECCOMP_BLOCKLIST_APP.txt - setresgid*
genrule {
- name: "generate_app_zygote_blacklist",
- out: ["SECCOMP_BLACKLIST_APP_ZYGOTE.TXT"],
- srcs: ["SECCOMP_BLACKLIST_APP.TXT"],
+ name: "generate_app_zygote_blocklist",
+ out: ["SECCOMP_BLOCKLIST_APP_ZYGOTE.TXT"],
+ srcs: ["SECCOMP_BLOCKLIST_APP.TXT"],
cmd: "grep -v '^int[ \t]*setresgid' $(in) > $(out)",
}
@@ -2377,11 +2377,11 @@
srcs: [
"SYSCALLS.TXT",
- "SECCOMP_WHITELIST_COMMON.TXT",
- "SECCOMP_WHITELIST_APP.TXT",
- "SECCOMP_BLACKLIST_COMMON.TXT",
+ "SECCOMP_ALLOWLIST_COMMON.TXT",
+ "SECCOMP_ALLOWLIST_APP.TXT",
+ "SECCOMP_BLOCKLIST_COMMON.TXT",
"SECCOMP_PRIORITY.TXT",
- ":generate_app_zygote_blacklist",
+ ":generate_app_zygote_blocklist",
":libseccomp_gen_syscall_nrs_arm",
":libseccomp_gen_syscall_nrs_arm64",
":libseccomp_gen_syscall_nrs_x86",
@@ -2405,10 +2405,10 @@
srcs: [
"SYSCALLS.TXT",
- "SECCOMP_WHITELIST_COMMON.TXT",
- "SECCOMP_WHITELIST_APP.TXT",
- "SECCOMP_BLACKLIST_COMMON.TXT",
- "SECCOMP_BLACKLIST_APP.TXT",
+ "SECCOMP_ALLOWLIST_COMMON.TXT",
+ "SECCOMP_ALLOWLIST_APP.TXT",
+ "SECCOMP_BLOCKLIST_COMMON.TXT",
+ "SECCOMP_BLOCKLIST_APP.TXT",
"SECCOMP_PRIORITY.TXT",
":libseccomp_gen_syscall_nrs_arm",
":libseccomp_gen_syscall_nrs_arm64",
@@ -2433,9 +2433,9 @@
srcs: [
"SYSCALLS.TXT",
- "SECCOMP_WHITELIST_COMMON.TXT",
- "SECCOMP_WHITELIST_SYSTEM.TXT",
- "SECCOMP_BLACKLIST_COMMON.TXT",
+ "SECCOMP_ALLOWLIST_COMMON.TXT",
+ "SECCOMP_ALLOWLIST_SYSTEM.TXT",
+ "SECCOMP_BLOCKLIST_COMMON.TXT",
"SECCOMP_PRIORITY.TXT",
":libseccomp_gen_syscall_nrs_arm",
":libseccomp_gen_syscall_nrs_arm64",
diff --git a/libc/SECCOMP_WHITELIST_APP.TXT b/libc/SECCOMP_ALLOWLIST_APP.TXT
similarity index 96%
rename from libc/SECCOMP_WHITELIST_APP.TXT
rename to libc/SECCOMP_ALLOWLIST_APP.TXT
index dc48715..ba40b60 100644
--- a/libc/SECCOMP_WHITELIST_APP.TXT
+++ b/libc/SECCOMP_ALLOWLIST_APP.TXT
@@ -1,4 +1,4 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
# Note that the resultant policy is applied only to zygote spawned processes.
#
# This file is processed by a python script named genseccomp.py.
diff --git a/libc/SECCOMP_WHITELIST_COMMON.TXT b/libc/SECCOMP_ALLOWLIST_COMMON.TXT
similarity index 98%
rename from libc/SECCOMP_WHITELIST_COMMON.TXT
rename to libc/SECCOMP_ALLOWLIST_COMMON.TXT
index 56f9d1d..804676e 100644
--- a/libc/SECCOMP_WHITELIST_COMMON.TXT
+++ b/libc/SECCOMP_ALLOWLIST_COMMON.TXT
@@ -1,4 +1,4 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
# Note that the resultant policy is applied only to zygote spawned processes.
#
# This file is processed by a python script named genseccomp.py.
diff --git a/libc/SECCOMP_WHITELIST_SYSTEM.TXT b/libc/SECCOMP_ALLOWLIST_SYSTEM.TXT
similarity index 78%
rename from libc/SECCOMP_WHITELIST_SYSTEM.TXT
rename to libc/SECCOMP_ALLOWLIST_SYSTEM.TXT
index 266fe30..756affe 100644
--- a/libc/SECCOMP_WHITELIST_SYSTEM.TXT
+++ b/libc/SECCOMP_ALLOWLIST_SYSTEM.TXT
@@ -1,4 +1,4 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
# Note that the resultant policy is applied only to zygote spawned processes.
#
# This file is processed by a python script named genseccomp.py.
diff --git a/libc/SECCOMP_BLACKLIST_COMMON.TXT b/libc/SECCOMP_BLACKLIST_COMMON.TXT
deleted file mode 100644
index 8ae21c1..0000000
--- a/libc/SECCOMP_BLACKLIST_COMMON.TXT
+++ /dev/null
@@ -1,10 +0,0 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
-# Note that the resultant policy is applied only to zygote spawned processes.
-#
-# The final seccomp whitelist is SYSCALLS.TXT - SECCOMP_BLACKLIST.TXT + SECCOMP_WHITELIST.TXT
-# Any entry in the blacklist must be in the syscalls file and not be in the whitelist file
-#
-# This file is processed by a python script named genseccomp.py.
-
-int swapon(const char*, int) all
-int swapoff(const char*) all
diff --git a/libc/SECCOMP_BLACKLIST_APP.TXT b/libc/SECCOMP_BLOCKLIST_APP.TXT
similarity index 89%
rename from libc/SECCOMP_BLACKLIST_APP.TXT
rename to libc/SECCOMP_BLOCKLIST_APP.TXT
index 40ca222..f14e11c 100644
--- a/libc/SECCOMP_BLACKLIST_APP.TXT
+++ b/libc/SECCOMP_BLOCKLIST_APP.TXT
@@ -1,8 +1,8 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
# Note that the resultant policy is applied only to zygote spawned processes.
#
-# The final seccomp whitelist is SYSCALLS.TXT - SECCOMP_BLACKLIST.TXT + SECCOMP_WHITELIST.TXT
-# Any entry in the blacklist must be in the syscalls file and not be in the whitelist file
+# The final seccomp allowlist is SYSCALLS.TXT - SECCOMP_BLOCKLIST.TXT + SECCOMP_ALLOWLIST.TXT
+# Any entry in the blocklist must be in the syscalls file and not be in the allowlist file
#
# This file is processed by a python script named genseccomp.py.
diff --git a/libc/SECCOMP_BLOCKLIST_COMMON.TXT b/libc/SECCOMP_BLOCKLIST_COMMON.TXT
new file mode 100644
index 0000000..22c9844
--- /dev/null
+++ b/libc/SECCOMP_BLOCKLIST_COMMON.TXT
@@ -0,0 +1,10 @@
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
+# Note that the resultant policy is applied only to zygote spawned processes.
+#
+# The final seccomp allowlist is SYSCALLS.TXT - SECCOMP_BLOCKLIST.TXT + SECCOMP_ALLOWLIST.TXT
+# Any entry in the blocklist must be in the syscalls file and not be in the allowlist file
+#
+# This file is processed by a python script named genseccomp.py.
+
+int swapon(const char*, int) all
+int swapoff(const char*) all
diff --git a/libc/SECCOMP_PRIORITY.TXT b/libc/SECCOMP_PRIORITY.TXT
index fb5ad4a..bccc426 100644
--- a/libc/SECCOMP_PRIORITY.TXT
+++ b/libc/SECCOMP_PRIORITY.TXT
@@ -1,4 +1,4 @@
-# This file is used to populate seccomp's whitelist policy in combination with SYSCALLS.TXT.
+# This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT.
# Note that the resultant policy is applied only to zygote spawned processes.
#
# This file is processed by a python script named genseccomp.py.
diff --git a/libc/seccomp/seccomp_policy.cpp b/libc/seccomp/seccomp_policy.cpp
index 65357fc..a42816e 100644
--- a/libc/seccomp/seccomp_policy.cpp
+++ b/libc/seccomp/seccomp_policy.cpp
@@ -140,12 +140,12 @@
Disallow(f);
}
-// This filter is meant to be installed in addition to a regular whitelist filter.
+// This filter is meant to be installed in addition to a regular allowlist filter.
// Therefore, it's default action has to be Allow, except when the evaluated
// system call matches setresuid/setresgid and the arguments don't fall within the
// passed in range.
//
-// The regular whitelist only allows setresuid/setresgid for UID/GID changes, so
+// The regular allowlist only allows setresuid/setresgid for UID/GID changes, so
// that's the only system call we need to check here. A CTS test ensures the other
// calls will remain blocked.
static void ValidateSetUidGid(filter& f, uint32_t uid_gid_min, uint32_t uid_gid_max, bool primary) {
diff --git a/libc/tools/genseccomp.py b/libc/tools/genseccomp.py
index ba7e2ca..89eeb44 100755
--- a/libc/tools/genseccomp.py
+++ b/libc/tools/genseccomp.py
@@ -56,12 +56,12 @@
return priorities
-def merge_names(base_names, whitelist_names, blacklist_names):
- if bool(blacklist_names - base_names):
- raise RuntimeError("Blacklist item not in bionic - aborting " + str(
- blacklist_names - base_names))
+def merge_names(base_names, allowlist_names, blocklist_names):
+ if bool(blocklist_names - base_names):
+ raise RuntimeError("blocklist item not in bionic - aborting " + str(
+ blocklist_names - base_names))
- return (base_names - blacklist_names) | whitelist_names
+ return (base_names - blocklist_names) | allowlist_names
def extract_priority_syscalls(syscalls, priorities):
@@ -230,19 +230,19 @@
def gen_policy(name_modifier, out_dir, base_syscall_file, syscall_files, syscall_NRs, priority_file):
for arch in SupportedArchitectures:
base_names = load_syscall_names_from_file(base_syscall_file, arch)
- whitelist_names = set()
- blacklist_names = set()
+ allowlist_names = set()
+ blocklist_names = set()
for f in syscall_files:
- if "blacklist" in f.lower():
- blacklist_names |= load_syscall_names_from_file(f, arch)
+ if "blocklist" in f.lower():
+ blocklist_names |= load_syscall_names_from_file(f, arch)
else:
- whitelist_names |= load_syscall_names_from_file(f, arch)
+ allowlist_names |= load_syscall_names_from_file(f, arch)
priorities = []
if priority_file:
priorities = load_syscall_priorities_from_file(priority_file)
allowed_syscalls = []
- for name in merge_names(base_names, whitelist_names, blacklist_names):
+ for name in merge_names(base_names, allowlist_names, blocklist_names):
try:
allowed_syscalls.append((name, syscall_NRs[arch][name]))
except:
@@ -274,8 +274,8 @@
help=("The path of the input files. In order to "
"simplify the build rules, it can take any of the "
"following files: \n"
- "* /blacklist.*\.txt$/ syscall blacklist.\n"
- "* /whitelist.*\.txt$/ syscall whitelist.\n"
+ "* /blocklist.*\.txt$/ syscall blocklist.\n"
+ "* /allowlist.*\.txt$/ syscall allowlist.\n"
"* /priority.txt$/ priorities for bpf rules.\n"
"* otherwise, syscall name-number mapping.\n"))
args = parser.parse_args()
diff --git a/libc/tools/test_genseccomp.py b/libc/tools/test_genseccomp.py
index 0c2699a..812218e 100755
--- a/libc/tools/test_genseccomp.py
+++ b/libc/tools/test_genseccomp.py
@@ -29,20 +29,20 @@
int fchown:fchown(int, uid_t, gid_t) arm64,x86_64
"""))
- whitelist = cStringIO.StringIO(textwrap.dedent("""\
+ allowlist = cStringIO.StringIO(textwrap.dedent("""\
ssize_t read(int, void*, size_t) all
"""))
empty = cStringIO.StringIO(textwrap.dedent("""\
"""))
- names = genseccomp.get_names([bionic, whitelist, empty], "arm")
+ names = genseccomp.get_names([bionic, allowlist, empty], "arm")
bionic.seek(0)
- whitelist.seek(0)
+ allowlist.seek(0)
empty.seek(0)
- names64 = genseccomp.get_names([bionic, whitelist, empty], "arm64")
+ names64 = genseccomp.get_names([bionic, allowlist, empty], "arm64")
bionic.seek(0)
- whitelist.seek(0)
+ allowlist.seek(0)
empty.seek(0)
self.assertIn("fchown", names64)
@@ -52,45 +52,45 @@
self.assertIn("read", names)
self.assertIn("read", names64)
- # Blacklist item must be in bionic
- blacklist = cStringIO.StringIO(textwrap.dedent("""\
+ # Blocklist item must be in bionic
+ blocklist = cStringIO.StringIO(textwrap.dedent("""\
int fchown2:fchown2(int, uid_t, gid_t) arm64,x86_64
"""))
with self.assertRaises(RuntimeError):
- genseccomp.get_names([bionic, whitelist, blacklist], "arm")
+ genseccomp.get_names([bionic, allowlist, blocklist], "arm")
bionic.seek(0)
- whitelist.seek(0)
- blacklist.seek(0)
+ allowlist.seek(0)
+ blocklist.seek(0)
- # Test blacklist item is removed
- blacklist = cStringIO.StringIO(textwrap.dedent("""\
+ # Test blocklist item is removed
+ blocklist = cStringIO.StringIO(textwrap.dedent("""\
int fchown:fchown(int, uid_t, gid_t) arm64,x86_64
"""))
- names = genseccomp.get_names([bionic, whitelist, blacklist], "arm64")
+ names = genseccomp.get_names([bionic, allowlist, blocklist], "arm64")
bionic.seek(0)
- whitelist.seek(0)
- blacklist.seek(0)
+ allowlist.seek(0)
+ blocklist.seek(0)
self.assertIn("read", names)
self.assertNotIn("fchown", names)
- # Blacklist item must not be in whitelist
- whitelist = cStringIO.StringIO(textwrap.dedent("""\
+ # Blocklist item must not be in allowlist
+ allowlist = cStringIO.StringIO(textwrap.dedent("""\
int fchown:fchown(int, uid_t, gid_t) arm64,x86_64
"""))
with self.assertRaises(RuntimeError):
- genseccomp.get_names([empty, whitelist, blacklist], "arm")
+ genseccomp.get_names([empty, allowlist, blocklist], "arm")
empty.seek(0)
- whitelist.seek(0)
- blacklist.seek(0)
+ allowlist.seek(0)
+ blocklist.seek(0)
- # No dups in bionic and whitelist
- whitelist = cStringIO.StringIO(textwrap.dedent("""\
+ # No dups in bionic and allowlist
+ allowlist = cStringIO.StringIO(textwrap.dedent("""\
int __llseek:_llseek(int, unsigned long, unsigned long, off64_t*, int) arm,x86
"""))
with self.assertRaises(RuntimeError):
- genseccomp.get_names([bionic, whitelist, empty], "arm")
+ genseccomp.get_names([bionic, allowlist, empty], "arm")
bionic.seek(0)
- whitelist.seek(0)
+ allowlist.seek(0)
empty.seek(0)
def test_convert_names_to_NRs(self):
@@ -186,14 +186,14 @@
int fchown:fchown(int, uid_t, gid_t) arm64,x86_64
"""))
- whitelist = cStringIO.StringIO(textwrap.dedent("""\
+ allowlist = cStringIO.StringIO(textwrap.dedent("""\
ssize_t read(int, void*, size_t) all
"""))
- blacklist = cStringIO.StringIO(textwrap.dedent("""\
+ blocklist = cStringIO.StringIO(textwrap.dedent("""\
"""))
- syscall_files = [syscalls, whitelist, blacklist]
+ syscall_files = [syscalls, allowlist, blocklist]
output = genseccomp.construct_bpf(syscall_files, "arm", self.get_headers("arm"),
self.get_switches("arm"))