# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Syscall allow-list policy. Each entry is `syscall;arch`, where arch is
# arm, arm64 or all.
# Supported architectures for now: ['arm', 'arm64'].

# NOTE(review): presumably the action applied to any syscall that no rule below
# allows; the clone rule at the end of the file returns the same TRAP action
# explicitly. Confirm against the policy generator.
@returnValue
TRAP

# Headers named for the generator. <linux/sched.h> declares the CLONE_*
# constants that the clone rule in @allowListWithArgs refers to.
@headFiles
<linux/sched.h>
<stdint.h>

# NOTE(review): ioctl and futex are listed here and again in @allowList, so
# this section presumably affects only where they sit in the generated filter,
# not whether they are allowed. Confirm against the policy generator.
@priority
ioctl;all
futex;all

# Every entry in @allowList is allowed with no check on its arguments.
# Review notes on entries that widen what a compromised process under this
# policy can reach (TODO: confirm each is required by the process this policy
# is applied to, which this file does not name):
#  - ptrace, process_vm_readv, process_vm_writev, pidfd_getfd: reach into other
#    processes' memory, registers and descriptors. With these allowed, the only
#    remaining gate is the kernel's own ptrace access check (credentials, LSM).
#  - perf_event_open, userfaultfd: commonly left out of sandbox profiles because
#    of the kernel attack surface they expose.
#  - ioctl, socket, prctl, personality: allowed for every request, address
#    family, option and persona. An @allowListWithArgs rule could narrow each to
#    the values actually used.
#  - memfd_create together with execve/execveat: allows running an image that
#    never exists as a file on disk, which file-based integrity checks will not
#    observe.
#  - capset, setresuid/setresuid32, setrlimit, prlimit64: credential and limit
#    changes are filtered only by the kernel's permission checks.
#  - clock_settime64 and clock_adjtime64 are allowed on arm, while no
#    time-setting call is listed for arm64 in the file as shown. Confirm that
#    the difference is intended.
#  - recvmsg and sendmmsg are listed, while sendmsg, listen and accept/accept4
#    are not (in the file as shown). Confirm that this matches the process's
#    socket usage.
@allowList
io_setup;all
io_destroy;all
io_submit;all
io_cancel;all
io_getevents;all
setxattr;all
lsetxattr;all
fsetxattr;all
getxattr;all
lgetxattr;all
fgetxattr;all
listxattr;all
llistxattr;all
flistxattr;all
removexattr;all
lremovexattr;all
fremovexattr;all
getcwd;all
eventfd2;all
epoll_create1;all
epoll_ctl;all
epoll_pwait;all
dup;all
dup3;all
fcntl;all
inotify_init1;all
inotify_add_watch;all
inotify_rm_watch;all
ioctl;all
ioprio_set;arm64
ioprio_get;arm64
flock;all
mknodat;all
mkdirat;all
unlinkat;all
symlinkat;all
linkat;all
renameat;arm
renameat;arm64
statfs;arm64
fstatfs;arm64
truncate;all
ftruncate;arm64
fallocate;all
faccessat;all
chdir;all
fchdir;all
fchmod;all
fchmodat;all
fchownat;all
fchown;arm64
openat;all
close;all
pipe2;all
quotactl;all
getdents64;all
lseek;all
read;all
write;all
readv;all
writev;all
pread64;all
pwrite64;all
preadv;all
pwritev;all
pselect6;all
ppoll;all
signalfd4;all
splice;all
tee;all
readlinkat;all
newfstatat;arm64
fstat;arm64
sync;all
fsync;all
fdatasync;all
sync_file_range;arm64
timerfd_create;all
timerfd_settime;all
timerfd_gettime;all
utimensat;all
capget;all
capset;all
personality;all
exit;all
exit_group;all
waitid;all
set_tid_address;all
futex;all
nanosleep;all
getitimer;all
setitimer;all
timer_create;all
timer_gettime;all
timer_getoverrun;all
timer_settime;all
timer_delete;all
clock_gettime;all
clock_getres;all
clock_nanosleep;all
ptrace;all
sched_setparam;all
sched_setscheduler;all
sched_getscheduler;all
sched_getparam;all
sched_setaffinity;all
sched_getaffinity;all
sched_yield;all
sched_get_priority_max;all
sched_get_priority_min;all
sched_rr_get_interval;all
restart_syscall;all
kill;all
tkill;all
tgkill;all
sigaltstack;all
rt_sigsuspend;all
rt_sigaction;all
rt_sigprocmask;all
rt_sigpending;all
rt_sigtimedwait;all
rt_sigqueueinfo;all
rt_sigreturn;all
setpriority;all
getpriority;all
setresuid;arm64
getresuid;arm64
getresgid;arm64
times;all
setpgid;all
getpgid;all
getsid;all
setsid;all
getgroups;arm64
uname;all
getrlimit;arm64
setrlimit;all
getrusage;all
umask;all
prctl;all
getcpu;all
gettimeofday;all
getpid;all
getppid;all
getuid;all
geteuid;arm64
getgid;arm64
getegid;arm64
gettid;all
sysinfo;all
socket;all
bind;all
connect;all
sendto;all
recvfrom;all
setsockopt;all
getsockopt;all
recvmsg;all
readahead;all
brk;all
munmap;all
mremap;all
execve;all
mmap;arm64
fadvise64;arm64
mprotect;all
msync;all
mlock;all
munlock;all
mlockall;all
munlockall;all
mincore;all
madvise;all
rt_tgsigqueueinfo;all
perf_event_open;all
wait4;all
prlimit64;all
syncfs;all
sendmmsg;all
process_vm_readv;all
process_vm_writev;all
sched_setattr;all
sched_getattr;all
renameat2;all
seccomp;all
getrandom;all
memfd_create;all
execveat;all
userfaultfd;all
membarrier;all
mlock2;all
copy_file_range;all
preadv2;all
pwritev2;all
statx;all
pidfd_send_signal;all
pidfd_open;all
pidfd_getfd;all
faccessat2;all
process_madvise;all
set_robust_list;all
fork;arm
open;arm
creat;arm
link;arm
unlink;arm
chmod;arm
access;arm
rename;arm
mkdir;arm
rmdir;arm
pipe;arm
dup2;arm
sigaction;arm
symlink;arm
readlink;arm
sigreturn;arm
_llseek;arm
getdents;arm
_newselect;arm
poll;arm
vfork;arm
ugetrlimit;arm
mmap2;arm
truncate64;arm
ftruncate64;arm
stat64;arm
lstat64;arm
fstat64;arm
lchown32;arm
getuid32;arm
getgid32;arm
geteuid32;arm
getegid32;arm
getgroups32;arm
fchown32;arm
setresuid32;arm
getresuid32;arm
getresgid32;arm
chown32;arm
fcntl64;arm
epoll_create;arm
epoll_wait;arm
remap_file_pages;arm
statfs64;arm
fstatfs64;arm
fadvise64_64;arm
inotify_init;arm
fstatat64;arm
sync_file_range2;arm
eventfd;arm
clock_gettime64;arm
clock_settime64;arm
clock_adjtime64;arm
clock_getres_time64;arm
clock_nanosleep_time64;arm
timer_gettime64;arm
timer_settime64;arm
timerfd_gettime64;arm
timerfd_settime64;arm
utimensat_time64;arm
pselect6_time64;arm
ppoll_time64;arm
semtimedop_time64;arm
rt_sigtimedwait_time64;arm
futex_time64;arm
sched_rr_get_interval_time64;arm
cacheflush;arm
set_tls;arm

# clone is allowed only when arg0 (the flags word) carries none of the
# namespace-creation bits in the mask below. If any of them is set, the call
# gets TRAP.
# CLONE_NEWTIME is not in the mask. clone(2) cannot take it (its bit overlaps
# the exit-signal field), so it matters only for clone3 and unshare.
# NOTE(review): unshare, setns and clone3 do not appear in this file as shown,
# so they presumably fall to the @returnValue action. Keep clone3 off the
# allow list: it passes its flags in a user-memory struct that a seccomp filter
# cannot inspect, so an arg0 check like this one cannot be written for it.
# fork and vfork (arm) are in @allowList without checks; they take no flags.
@allowListWithArgs
clone: if (arg0 & (CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWCGROUP | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER)) == 0 ; return ALLOW; else return TRAP;all