# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# For now, the supported architectures are ['arm', 'arm64', 'riscv64'].
#
# Seccomp syscall policy. Entries have the form `name;arch`, where arch is
# one of the architectures above or `all`.
# NOTE(review): comments in this file are kept on lines of their own; the
# file as written never puts a comment after an entry.

# Action named for this policy. The clone rule at the bottom uses the same
# keyword as its reject action.
# NOTE(review): presumably this is the action for every syscall that no
# section below matches - confirm against the policy generator.
@returnValue
TRAP

# Headers listed for the generated filter. The CLONE_NEW* constants used in
# @allowListWithArgs are defined in <linux/sched.h>.
@headFiles
<linux/sched.h>
<stdint.h>

# Both entries also appear in @allowList below.
# NOTE(review): presumably an ordering hint so these frequently used
# syscalls are matched first - confirm; it does not look like a separate
# permission.
@priority
ioctl;all
futex;all

# Syscalls allowed with ANY argument values.
# NOTE(review): several entries below are commonly restricted in hardened
# seccomp profiles. Confirm that every process this policy is attached to
# needs them, and consider moving them to @allowListWithArgs or to a
# narrower per-process policy:
#   - ptrace, process_vm_readv, process_vm_writev, pidfd_getfd: access to
#     another process's memory, registers or file descriptors (still
#     subject to the kernel's ptrace access checks).
#   - perf_event_open, userfaultfd: large kernel attack surface.
#   - ioctl, prctl, personality, seccomp: accepted here with no argument
#     filter at all.
#   - execve, execveat, memfd_create: program execution, including from
#     anonymous memory-backed files.
@allowList
io_setup;all
io_destroy;all
io_submit;all
io_cancel;all
io_getevents;all
setxattr;all
lsetxattr;all
fsetxattr;all
getxattr;all
lgetxattr;all
fgetxattr;all
listxattr;all
llistxattr;all
flistxattr;all
removexattr;all
lremovexattr;all
fremovexattr;all
getcwd;all
eventfd2;all
epoll_create1;all
epoll_ctl;all
epoll_pwait;all
dup;all
dup3;all
fcntl;all
inotify_init1;all
inotify_add_watch;all
inotify_rm_watch;all
ioctl;all
ioprio_set;arm64
ioprio_set;riscv64
ioprio_get;arm64
ioprio_get;riscv64
flock;all
mknodat;all
mkdirat;all
unlinkat;all
symlinkat;all
linkat;all
renameat;arm
renameat;arm64
# NOTE(review): pivot_root is allowed on riscv64 only, in the position where
# the other two architectures list renameat - confirm this is intentional.
pivot_root;riscv64
statfs;arm64
statfs;riscv64
fstatfs;arm64
fstatfs;riscv64
truncate;all
ftruncate;arm64
ftruncate;riscv64
fallocate;all
faccessat;all
chdir;all
fchdir;all
fchmod;all
fchmodat;all
fchownat;all
fchown;arm64
fchown;riscv64
openat;all
close;all
pipe2;all
quotactl;all
getdents64;all
lseek;all
read;all
write;all
readv;all
writev;all
pread64;all
pwrite64;all
preadv;all
pwritev;all
sendfile;all
pselect6;all
ppoll;all
signalfd4;all
vmsplice;all
splice;all
tee;all
readlinkat;all
newfstatat;arm64
newfstatat;riscv64
fstat;arm64
fstat;riscv64
sync;all
fsync;all
fdatasync;all
sync_file_range;arm64
sync_file_range;riscv64
timerfd_create;all
timerfd_settime;all
timerfd_gettime;all
utimensat;all
capget;all
capset;all
# Security-sensitive: personality is allowed with any persona value.
personality;all
exit;all
exit_group;all
waitid;all
set_tid_address;all
futex;all
nanosleep;all
getitimer;all
setitimer;all
timer_create;all
timer_gettime;all
timer_getoverrun;all
timer_settime;all
timer_delete;all
clock_gettime;all
clock_getres;all
clock_nanosleep;all
# Security-sensitive: ptrace is allowed with any request.
ptrace;all
sched_setparam;all
sched_setscheduler;all
sched_getscheduler;all
sched_getparam;all
sched_setaffinity;all
sched_getaffinity;all
sched_yield;all
sched_get_priority_max;all
sched_get_priority_min;all
sched_rr_get_interval;all
restart_syscall;all
kill;all
tkill;all
tgkill;all
sigaltstack;all
rt_sigsuspend;all
rt_sigaction;all
rt_sigprocmask;all
rt_sigpending;all
rt_sigtimedwait;all
rt_sigqueueinfo;all
rt_sigreturn;all
setpriority;all
getpriority;all
# Identity changes: setresuid (and setresuid32 on arm, further down) is
# allowed; getresgid is listed but no setresgid entry appears in this file.
setresuid;arm64
setresuid;riscv64
getresuid;arm64
getresuid;riscv64
getresgid;arm64
getresgid;riscv64
times;all
setpgid;all
getpgid;all
getsid;all
setsid;all
getgroups;arm64
getgroups;riscv64
uname;all
getrlimit;arm64
getrlimit;riscv64
setrlimit;all
getrusage;all
umask;all
# Security-sensitive: prctl is allowed with any option.
prctl;all
getcpu;all
gettimeofday;all
getpid;all
getppid;all
getuid;all
geteuid;arm64
geteuid;riscv64
getgid;arm64
getgid;riscv64
getegid;arm64
getegid;riscv64
gettid;all
sysinfo;all
socket;all
socketpair;all
bind;all
listen;all
accept;all
connect;all
getsockname;all
getpeername;all
sendto;all
recvfrom;all
setsockopt;all
getsockopt;all
shutdown;all
sendmsg;all
recvmsg;all
readahead;all
brk;all
munmap;all
mremap;all
execve;all
mmap;arm64
mmap;riscv64
fadvise64;arm64
fadvise64;riscv64
mprotect;all
msync;all
mlock;all
munlock;all
mlockall;all
munlockall;all
mincore;all
madvise;all
rt_tgsigqueueinfo;all
# Security-sensitive: see the review note at the top of @allowList.
perf_event_open;all
accept4;all
recvmmsg;all
wait4;all
prlimit64;all
syncfs;all
sendmmsg;all
# Security-sensitive: cross-process memory access.
process_vm_readv;all
process_vm_writev;all
sched_setattr;all
sched_getattr;all
renameat2;all
seccomp;all
getrandom;all
memfd_create;all
execveat;all
# Security-sensitive: see the review note at the top of @allowList.
userfaultfd;all
membarrier;all
mlock2;all
copy_file_range;all
preadv2;all
pwritev2;all
statx;all
pidfd_send_signal;all
pidfd_open;all
# Security-sensitive: duplicates a file descriptor out of another process.
pidfd_getfd;all
faccessat2;all
process_madvise;all
set_robust_list;all
# Entries from here to the end of @allowList are listed for arm only.
fork;arm
open;arm
creat;arm
link;arm
unlink;arm
chmod;arm
access;arm
rename;arm
mkdir;arm
rmdir;arm
pipe;arm
dup2;arm
sigaction;arm
symlink;arm
readlink;arm
sigreturn;arm
_llseek;arm
getdents;arm
_newselect;arm
poll;arm
vfork;arm
ugetrlimit;arm
mmap2;arm
truncate64;arm
ftruncate64;arm
stat64;arm
lstat64;arm
fstat64;arm
lchown32;arm
getuid32;arm
getgid32;arm
geteuid32;arm
getegid32;arm
getgroups32;arm
fchown32;arm
setresuid32;arm
getresuid32;arm
getresgid32;arm
chown32;arm
fcntl64;arm
sendfile64;arm
epoll_create;arm
epoll_wait;arm
remap_file_pages;arm
statfs64;arm
fstatfs64;arm
fadvise64_64;arm
inotify_init;arm
fstatat64;arm
sync_file_range2;arm
eventfd;arm
clock_gettime64;arm
clock_settime64;arm
clock_adjtime64;arm
clock_getres_time64;arm
clock_nanosleep_time64;arm
timer_gettime64;arm
timer_settime64;arm
timerfd_gettime64;arm
timerfd_settime64;arm
utimensat_time64;arm
pselect6_time64;arm
ppoll_time64;arm
recvmmsg_time64;arm
semtimedop_time64;arm
rt_sigtimedwait_time64;arm
futex_time64;arm
sched_rr_get_interval_time64;arm
cacheflush;arm
set_tls;arm

# Syscalls allowed only when their arguments pass the stated condition.
# clone: allowed when arg0 carries none of the namespace-creation flags in
# the mask; any call with one of those flags set gets TRAP. This keeps
# thread and process creation working while rejecting new mount, PID,
# network, cgroup, UTS, IPC and user namespaces.
# NOTE(review): the check reads arg0 as the flags word, which matches the
# clone() argument order on arm, arm64 and riscv64; re-check if another
# architecture is added.
# NOTE(review): clone3, unshare and setns do not appear anywhere in this
# file. Keep it that way unless the namespace restriction can be enforced
# for them too: clone3 passes its flags in a user-space struct, which a
# seccomp argument check cannot inspect.
@allowListWithArgs
clone: if (arg0 & (CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWCGROUP | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER)) == 0 ; return ALLOW; else return TRAP;all