1# Copyright (c) 2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14# For now, it supports architechture of ['arm', 'arm64', 'riscv64']. 15 16@returnValue 17TRAP 18 19@headFiles 20"seccomp_policy_constants.h" 21 22@mode 23ONLY_CHECK_ARGS 24 25@allowListWithArgs 26setresuid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS && arg2 >= START_UID_FOR_RENDER_PROCESS && arg2 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all 27setresgid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS && arg2 >= START_UID_FOR_RENDER_PROCESS && arg2 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all 28setresuid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS && arg2 >= START_UID_FOR_RENDER_PROCESS && arg2 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm 29setresgid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS && arg2 >= START_UID_FOR_RENDER_PROCESS && arg2 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm 30setuid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all 31setgid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all 32setuid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm 33setgid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm 34setreuid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all 35setregid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all 36setreuid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm 37setregid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm 38setfsuid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all 39setfsgid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all 40setfsuid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm 41setfsgid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm 42 43