1# Restricted musl libc APIs 2 3## Overview 4 5You may need to use musl libc APIs when developing your app with the NDK. However, some musl libc APIs cannot be used due to system or environment restrictions. Errors may occur when some musl libc APIs are used with DevEco Studio. This topic helps you learn about the musl libc APIs that cannot be used with the NDK. 6 7## Scenarios 8 9The use of musl libc APIs may be restricted by the following factors: 10 111. The use of the musl libc API is restricted by the secure computing (seccomp) mechanism.<!--Del--> 12 For details about the seccomp mechanism, see [Seccomp Policy Development](../../../device-dev/subsystems/subsys-boot-init-seccomp.md).<!--DelEnd--> 13 14 A common error caused by seccomp is as follows: 15 - Top function is the musl function in stacktrace. 16 - The reason is "signal:SIGSYS", as shown in the following example: 17 ``` 18 Process name:com.example.myapplication 19 Reason:Signal:SIGSYS(UNKNOWN) 20 Fault thread Info: 21 Tid:13893, Name:e.myapplication 22 #00 pc 000a5d30 /system/lib/ld-musl-arm.so.1(sethostname+16)(584c9d0a0e9000497bb0d66799a9526a) 23 #01 pc 00002f68 /data/storage/el1/bundle/libs/arm/libentry.so(test()+64) 24 ``` 25 262. The API cannot be used because it is a kernel API that is not exposed. 27 283. The use of the musl libc API is restricted by SELinux.<!--Del--> 29 For details about SELinux, see [OpenHarmony SELinux Overview](../../../device-dev/subsystems/subsys-security-selinux-overview.md).<!--DelEnd--> 30 314. The use of the musl libc API is restricted by the sandbox mechanism. For details about the sandbox mechanism, see [Application Sandbox](../../file-management/app-sandbox-directory.md). 32 335. The musl libc API is a null implementation or failed by default. 34 356. The API can be executed after special permissions are granted. 36 37## Restricted musl libc APIs 38 39The following table lists the musl libc APIs that cannot be used. 40 41| Restricted By | Header File | Symbol | 42| -------------------- | ------------ | ---------------- | 43| seccomp | sys/fsuid.h | setfsgid | 44| seccomp | sys/fsuid.h | setfsuid | 45| seccomp | unistd.h | setgid | 46| seccomp | unistd.h | setegid | 47| seccomp | unistd.h | setreuid | 48| seccomp | unistd.h | setregid | 49| seccomp | unistd.h | setresgid | 50| seccomp | unistd.h | setgroups | 51| seccomp | unistd.h | chroot | 52| seccomp | unistd.h | sethostname | 53| seccomp | unistd.h | setdomainname | 54| seccomp | unistd.h | acct | 55| seccomp | sys/xattr.h | setxattr | 56| seccomp | time.h | clock_settime | 57| seccomp | time.h | settimeofday | 58| seccomp | sys/stat.h | mknod | 59| seccomp | sys/stat.h | mknodat | 60| seccomp | sys/stat.h | mkfifo | 61| seccomp | fcntl.h | name_to_handle_at | 62| seccomp | fcntl.h | open_by_handle_at | 63| seccomp | sys/klog.h | klogctl | 64| seccomp | sys/swap.h | swapon | 65| seccomp | sys/swap.h | swapoff | 66| seccomp | sys/sem.h | semctl | 67| seccomp | sys/sem.h | semop | 68| seccomp | sys/sem.h | semtimedop | 69| seccomp | sys/mount.h | mount | 70| seccomp | sys/mount.h | umount2 | 71| seccomp | sys/mount.h | umount | 72| seccomp | sys/msg.h | msgctl | 73| seccomp | sys/msg.h | msgget | 74| seccomp | sys/msg.h | msgrcv | 75| seccomp | sys/msg.h | msgsnd | 76| seccomp | grp.h | initgroups | 77| seccomp | grp.h | init_module | 78| seccomp | sched.h | unshare | 79| seccomp | sched.h | setns | 80| seccomp | None | pivot_root | 81| Kernel API not exposed| sys/fanotify.h | fanotify_init | 82| Kernel API not exposed| sys/fanotify.h | fanotify_mark | 83| Kernel API not exposed| syslog.h | syslog | 84| Kernel API not exposed| syslog.h | vsyslog | 85| SELinux | pty.h | forkpty | 86| SELinux | pty.h | openpty | 87| SELinux | stdlib.h | ptsname | 88| SELinux | stdlib.h | ptsname_r | 89| SELinux | stdlib.h | posix_openpt | 90| SELinux | stdlib.h | unlockpt | 91| SELinux | sys/shm.h | shmget | 92| SELinux | sys/shm.h | shmat | 93| SELinux | sys/shm.h | shmdt | 94| SELinux | sys/shm.h | shmctl | 95| SELinux | sys/sem.h | semget | 96| SELinux | stdio.h | popen | 97| SELinux | stdio.h | pclose | 98| SELinux | unistd.h | tcgetpgrp | 99| SELinux | unistd.h | tcsetpgrp | 100| SELinux | unistd.h | link | 101| SELinux | unistd.h | linkat | 102| SELinux | unistd.h | readlink | 103| SELinux | unistd.h | readlinkat | 104| SELinux | unistd.h | symlink | 105| SELinux | unistd.h | symlinkat | 106| SELinux | sys/stat.h | mkfifoat | 107| SELinux | termios | tcgetattr | 108| SELinux | termios | tcsetattr | 109| SELinux | termios | tcsendbreak | 110| SELinux | termios | tcdrain | 111| SELinux | termios | tcflush | 112| SELinux | termios | tcflow | 113| SELinux | termios | tcgetsid | 114| SELinux | net/if.h | if_indextoname | 115| SELinux | net/if.h | if_nametoindex | 116| Sandbox | stdio.h | tmpfile | 117| Sandbox | stdio.h | tmpfile64 | 118| Sandbox | nl_type.h | catgets | 119| Sandbox | nl_type.h | catclose | 120| Null implementation or failed by default | utmp.h | setutent | 121| Null implementation or failed by default | utmp.h | pututline | 122| Null implementation or failed by default | utmp.h | getutent | 123| Null implementation or failed by default | utmp.h | utmpname | 124| Null implementation or failed by default | unistd.h | brk | 125| Null implementation or failed by default | stdio_ext.h | __fsetlocking | 126| Null implementation or failed by default | netdb.h | getnetbyaddr | 127| Null implementation or failed by default | netdb.h | getnetbyname | 128| **CAP_SYS_ADMIN** permission required| None | pivot_root | 129