| Victor Hsieh | dbb8670 | 2020-06-15 09:29:07 -0700 | [diff] [blame] | 1 | # This file is used to populate seccomp's allowlist policy in combination with SYSCALLS.TXT. |
| Victor Hsieh | 2f23ced | 2018-01-17 16:59:12 -0800 | [diff] [blame] | 2 | # Note that the resultant policy is applied only to zygote spawned processes. |
| 3 | # |
| Victor Hsieh | dbb8670 | 2020-06-15 09:29:07 -0700 | [diff] [blame] | 4 | # The final seccomp allowlist is SYSCALLS.TXT - SECCOMP_BLOCKLIST.TXT + SECCOMP_ALLOWLIST.TXT |
| 5 | # Any entry in the blocklist must be in the syscalls file and not be in the allowlist file |
| Victor Hsieh | 2f23ced | 2018-01-17 16:59:12 -0800 | [diff] [blame] | 6 | # |
| Victor Hsieh | 2f23ced | 2018-01-17 16:59:12 -0800 | [diff] [blame] | 7 | # This file is processed by a python script named genseccomp.py. |
| 8 | |
| Elliott Hughes | d55def8 | 2024-07-01 21:46:47 +0000 | [diff] [blame] | 9 | # Syscalls to modify IDs. |
| 10 | # Note: Some privileged syscalls are still needed in app_process after fork but |
| 11 | # before uid change, including capset and setresuid. This is because the seccomp |
| 12 | # filter must be installed while the process still has CAP_SYS_ADMIN; changing |
| 13 | # the uid would remove that capability. |
| 14 | int setgid32(gid_t) lp32 |
| 15 | int setgid(gid_t) lp64 |
| 16 | int setuid32(uid_t) lp32 |
| 17 | int setuid(uid_t) lp64 |
| 18 | int setregid32(gid_t, gid_t) lp32 |
| 19 | int setregid(gid_t, gid_t) lp64 |
| 20 | int setreuid32(uid_t, uid_t) lp32 |
| 21 | int setreuid(uid_t, uid_t) lp64 |
| 22 | int setresgid32(gid_t, gid_t, gid_t) lp32 |
| 23 | int setresgid(gid_t, gid_t, gid_t) lp64 |
| Martijn Coenen | e17fce1 | 2019-01-21 14:29:35 +0100 | [diff] [blame] | 24 | # setresuid is explicitly allowed, see above. |
| Elliott Hughes | d55def8 | 2024-07-01 21:46:47 +0000 | [diff] [blame] | 25 | int setfsgid32(gid_t) lp32 |
| 26 | int setfsgid(gid_t) lp64 |
| 27 | int setfsuid32(uid_t) lp32 |
| 28 | int setfsuid(uid_t) lp64 |
| 29 | int setgroups32(int, const gid_t*) lp32 |
| 30 | int setgroups(int, const gid_t*) lp64 |
| Victor Hsieh | 2f23ced | 2018-01-17 16:59:12 -0800 | [diff] [blame] | 31 | |
| Elliott Hughes | d55def8 | 2024-07-01 21:46:47 +0000 | [diff] [blame] | 32 | # Syscalls to modify times. |
| Victor Hsieh | 2f23ced | 2018-01-17 16:59:12 -0800 | [diff] [blame] | 33 | int adjtimex(struct timex*) all |
| 34 | int clock_adjtime(clockid_t, struct timex*) all |
| 35 | int clock_settime(clockid_t, const struct timespec*) all |
| 36 | int settimeofday(const struct timeval*, const struct timezone*) all |
| 37 | |
| 38 | int acct(const char* filepath) all |
| Elliott Hughes | d55def8 | 2024-07-01 21:46:47 +0000 | [diff] [blame] | 39 | int syslog(int, char*, int) all |
| Victor Hsieh | 2f23ced | 2018-01-17 16:59:12 -0800 | [diff] [blame] | 40 | int chroot(const char*) all |
| 41 | |
| Victor Hsieh | 2f23ced | 2018-01-17 16:59:12 -0800 | [diff] [blame] | 42 | int init_module(void*, unsigned long, const char*) all |
| 43 | int delete_module(const char*, unsigned int) all |
| 44 | int mount(const char*, const char*, const char*, unsigned long, const void*) all |
| 45 | int umount2(const char*, int) all |
| 46 | int swapon(const char*, int) all |
| 47 | int swapoff(const char*) all |
| 48 | int setdomainname(const char*, size_t) all |
| 49 | int sethostname(const char*, size_t) all |
| Elliott Hughes | d55def8 | 2024-07-01 21:46:47 +0000 | [diff] [blame] | 50 | int reboot(int, int, int, void*) all |