| # Copyright 2021 The ChromiumOS Authors | |
| # Use of this source code is governed by a BSD-style license that can be | |
| # found in the LICENSE file. | |
| # | |
| # This file lists out the seccomp policy for allowed syscalls for | |
| # TextClassifierModel. | |
| # rseq should be first due to frequency and purpose to decrease nptl latency | |
| rseq: 1 | |
| access: 1 | |
| brk: 1 | |
| clock_gettime: 1 | |
| close: 1 | |
| connect: 1 | |
| epoll_ctl: 1 | |
| epoll_wait: 1 | |
| eventfd2: 1 | |
| exit: 1 | |
| exit_group: 1 | |
| faccessat: 1 | |
| faccessat2: 1 | |
| flock: 1 | |
| fstat: 1 | |
| fstatfs: 1 | |
| futex: 1 | |
| getcpu: 1 | |
| getdents64: 1 | |
| getpid: 1 | |
| getrandom: arg2 in ~GRND_RANDOM | |
| gettid: 1 | |
| gettimeofday: 1 | |
| lseek: 1 | |
| memfd_create: 1 | |
| mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE | |
| mseal: 1 | |
| mprotect: arg2 in ~PROT_EXEC | |
| mremap: 1 | |
| munmap: 1 | |
| newfstatat: 1 | |
| openat: 1 | |
| read: 1 | |
| readlink: 1 | |
| recvmsg: 1 | |
| rt_sigaction: 1 | |
| rt_sigprocmask: 1 | |
| rt_sigtimedwait: 1 | |
| sched_getaffinity: 1 | |
| sendmsg: 1 | |
| sendto: 1 | |
| set_robust_list: 1 | |
| statx: 1 | |
| sysinfo: 1 | |
| uname: 1 | |
| writev: 1 | |
| # for lazy evaluation of brillo::InitLog(), which is called in the control | |
| # process but may not be evaluated until inside the worker process. | |
| socket: arg0 == AF_UNIX | |
| socketpair: arg0 == AF_UNIX | |
| write: 1 | |
| # For emitting perfetto trace events. | |
| clone: arg0 & CLONE_THREAD | |
| fcntl: 1 | |
| ioctl: arg1 == TCGETS | |
| poll: 1 | |
| ppoll: 1 | |
| prctl: 1 | |
| shutdown: 1 |