# seccomp syscall allow-list for this process. A syscall reaches `allow` only
# through an explicit match below; anything unmatched falls through to `deny`.
include common.chasc
# syscall nr is loaded in common.chasc
# NOTE(review): ifeqdef presumably compares only when the named constant is
# defined for the target platform and is skipped otherwise - confirm against
# the chasc assembler.
# for sendfd/recvfd
ifeqdef SYS_recvmsg allow
ifeqdef SYS_sendmsg allow
# NOTE(review): recvmsg/sendmsg are allowed with no argument checks, so a
# descriptor received from a peer is not covered by the AF_UNIX restriction
# that the socket(2) check below applies to locally created sockets.
# accept socket(2), but only with AF_UNIX
ifne SYS_socket not_socket
# load domain
load args[0]
ifeq AF_UNIX allow
# Domain was not AF_UNIX: reload the syscall number so the comparisons below
# test nr again. nr is still SYS_socket here, none of them compare against it,
# and the call ends at `deny`.
load nr
: not_socket
# following syscalls are rarely called
# Every entry in this list is matched on the syscall number alone; no
# arguments are inspected.
ifeqdef SYS_accept allow # for accepting requests from pager
ifeqdef SYS_accept4 allow # for when accept is implemented as accept4
ifeqdef SYS_bind allow # for outgoing requests to loader
ifeqdef SYS_clock_gettime allow # used by QuickJS in atomics and cpuTime()
ifeqdef SYS_clock_gettime64 allow # 64-bit clock_gettime on 32-bit platforms
# NOTE(review): clone is admitted with any flags argument, so thread creation
# and namespace-creating flags pass as well as fork-style calls - consider
# constraining the flags if the DSL allows it.
ifeqdef SYS_clone allow # for when fork is implemented as clone
ifeqdef SYS_connect allow # for outgoing requests to loader
ifeqdef SYS_fork allow # for when fork is really fork
ifeqdef SYS_getpid allow # for determining current PID after we fork
ifeqdef SYS_gettimeofday allow # used by QuickJS in Date.now()
ifeqdef SYS_pipe allow # for pipes to child process
ifeqdef SYS_pipe2 allow # for when pipe is implemented as pipe2
ifeqdef SYS_rt_sigreturn allow # newer kernels have this instead of sigreturn
ifeqdef SYS_set_robust_list allow # glibc seems to need it for whatever reason
ifeqdef SYS_sigreturn allow # called by signal trampoline
# Default action: no comparison above matched.
# NOTE(review): `ret trap` is presumably SECCOMP_RET_TRAP (SIGSYS delivered to
# the process rather than an error return) - confirm against the assembler.
: deny
ret trap
# `kill` and `eperm` are not jumped to from this file; presumably they are
# targets for common.chasc - TODO confirm.
: kill
ret kill
: eperm
ret errno EPERM
: allow
ret allow