## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## Seccomp whitelist.
##
## Syntax:
## [syscall] [argument number] [argument]

_llseek
_newselect
accept
accept4
access
alarm
arch_prctl
bind
brk
cacheflush
capget
capset
chdir
chmod
chown
chown32
chroot
clock_getres
clock_gettime
clock_nanosleep
clone
close
connect
copy_file_range
creat
dup
dup2
dup3
epoll_create
epoll_create1
epoll_ctl
epoll_pwait
epoll_wait
eventfd
eventfd2
execve
execveat
exit
exit_group
faccessat
fadvise64
fadvise64_64
fallocate
fanotify_mark
fchdir
fchmod
fchmodat
fchown
fchown32
fchownat
fcntl
fcntl64
fdatasync
fgetxattr
flistxattr
flock
fork
fremovexattr
fsetxattr
fstat
fstat64
fstatat64
fstatfs
fstatfs64
fsync
ftruncate
ftruncate64
futex
futimesat
get_robust_list
get_thread_area
getcpu
getcwd
getdents
getdents64
getegid
getegid32
geteuid
geteuid32
getgid
getgid32
getgroups
getgroups32
getitimer
getpeername
getpgid
getpgrp
getpid
getppid
getpriority
getrandom
getresgid
getresgid32
getresuid
getresuid32
getrlimit
getrusage
getsid
getsockname
getsockopt
gettid
gettimeofday
getuid
getuid32
getxattr
inotify_add_watch
inotify_init
inotify_init1
inotify_rm_watch
ioctl 1 FICLONE
ioctl 1 FIOCLEX
ioctl 1 FIONBIO
ioctl 1 FIONREAD
ioctl 1 RNDGETENTCNT
ioctl 1 SIOCGIWMODE
ioctl 1 TCGETS
ioctl 1 TCSETS
ioctl 1 TCSETSW
ioctl 1 TIOCGPGRP
ioctl 1 TIOCGWINSZ
ioctl 1 TIOCSPGRP
ioctl 1 TIOCSWINSZ
ioctl 1 VT_GETSTATE
ioprio_get
ipc
kill
lchown
lchown32
lgetxattr
link
linkat
listen
listxattr
llistxattr
lremovexattr
lseek
lsetxattr
lstat
lstat64
madvise
membarrier
memfd_create
mincore
mkdir
mkdirat

# We don't need to allow creation of char/block devices.
mknod 1 S_IFREG
mknod 1 S_IFIFO
mknod 1 S_IFSOCK
mknodat 1 S_IFREG
mknodat 1 S_IFIFO
mknodat 1 S_IFSOCK

mlock
mlock2
mlockall
mq_getsetattr
mq_notify
mq_open
mq_timedreceive
mq_timedsend
mq_unlink
mremap
msgctl
msgget
msgrcv
msgsnd
msync
munlock
munlockall
munmap
nanosleep
newfstatat
nice
oldfstat
oldlstat
oldolduname
oldstat
olduname
open
openat
pause
pipe
pipe2
pkey_alloc
pkey_free
poll
ppoll
prctl
pread64
preadv
preadv2
prlimit64
pselect6
pwrite64
pwritev
pwritev2
quotactl
read
readahead
readdir
readlink
readlinkat
readv
recv
recvfrom
recvmsg
recvmmsg
removexattr
rename
renameat
renameat2
restart_syscall
rmdir
rt_sigaction
rt_sigpending
rt_sigprocmask
rt_sigqueueinfo
rt_sigreturn
rt_sigsuspend
rt_sigtimedwait
rt_tgsigqueueinfo
s390_pci_mmio_read
s390_pci_mmio_write
s390_sthyi
sched_get_priority_max
sched_get_priority_min
sched_getaffinity
sched_getattr
sched_getparam
sched_getscheduler
sched_rr_get_interval
sched_setaffinity
sched_setattr
sched_setparam
sched_setscheduler
sched_yield
seccomp
select
semctl
semget
semop
semtimedop
send
sendfile
sendfile64
sendmmsg
sendmsg
sendto
set_robust_list
set_thread_area
set_tid_address
setfsgid
setfsgid32
setfsuid
setfsuid32
setgid
setgid32
setgroups
setgroups32
setitimer
setns
setpgid
setpriority
setregid
setregid32
setresgid
setresgid32
setresuid
setresuid32
setreuid
setreuid32
setrlimit
setsid
setsockopt
setuid
setuid32
setxattr
shmctl
shmdt
shmget
shutdown
sigaction
sigaltstack
signal
signalfd
signalfd4
sigpending
sigprocmask
sigreturn
sigsuspend
socket 0 AF_INET
socket 0 AF_INET6
socket 0 AF_LOCAL
socket 0 AF_NETLINK
socket 0 AF_UNIX
socket 0 AF_UNSPEC
socketcall
socketpair
splice
spu_create
spu_run
stat
stat64
statfs
statfs64
statx
symlink
symlinkat
sync
sync_file_range
sync_file_range2
syncfs
sysinfo
tee
tgkill
time
timer_create
timer_delete
timer_getoverrun
timer_gettime
timer_settime
timerfd_create
timerfd_gettime
timerfd_settime
times
tkill
truncate
truncate64
ugetrlimit
umask
uname
unlink
unlinkat
unshare
utime
utimensat
utimes
vfork
wait4
waitid
waitpid
write
writev

## W^X.
# Disallow creating writable and executable mappings.
mmap 2 PROT_NONE
mmap 2 PROT_READ
mmap 2 PROT_WRITE
mmap 2 PROT_EXEC
mmap 2 PROT_READ|PROT_EXEC
mmap 2 PROT_READ|PROT_WRITE
mmap2 2 PROT_NONE
mmap2 2 PROT_READ
mmap2 2 PROT_WRITE
mmap2 2 PROT_EXEC
mmap2 2 PROT_READ|PROT_EXEC
mmap2 2 PROT_READ|PROT_WRITE

# Disallow transitioning mappings to executable.
mprotect 2 PROT_NONE
mprotect 2 PROT_READ
mprotect 2 PROT_WRITE
mprotect 2 PROT_READ|PROT_WRITE
pkey_mprotect 2 PROT_NONE
pkey_mprotect 2 PROT_READ
pkey_mprotect 2 PROT_WRITE
pkey_mprotect 2 PROT_READ|PROT_WRITE

# Disallow mapping shared memory segments as executable.
shmat 2 0
shmat 2 SHM_RND
shmat 2 SHM_RDONLY
shmat 2 SHM_REMAP
