From ddd616aa0b60802046169c23b0a40ac9a76cc8c9 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Wed, 20 Mar 2019 11:56:32 -0400 Subject: [PATCH] add documentation on system calls --- README.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/README.md b/README.md index a10eb29..430516f 100644 --- a/README.md +++ b/README.md @@ -605,3 +605,33 @@ less useful results falling back to higher upper bounds, but is very fast. In this implementation, it retrieves an upper bound on the size for small memory allocations based on calculating the size class region. This function is safe to use from signal handlers already. + +## System calls + +This is intended to aid with creating system call whitelists via seccomp-bpf +and will change over time. + +System calls used by all build configurations: + +* `futex(uaddr, FUTEX_WAIT_PRIVATE, val, NULL)` (via `pthread_mutex_lock`) +* `futex(uaddr, FUTEX_WAKE_PRIVATE, val)` (via `pthread_mutex_unlock`) +* `getrandom(buf, buflen, 0)` (to seed and regularly reseed the CSPRNG) +* `mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0)` +* `mmap(ptr, size, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED, -1, 0)` +* `mprotect(ptr, size, PROT_READ)` +* `mprotect(ptr, size, PROT_READ|PROT_WRITE)` +* `mremap(old, old_size, new_size, 0)` +* `mremap(old, old_size, new_size, MREMAP_MAYMOVE|MREMAP_FIXED, new)` +* `munmap` +* `write(STDERR_FILENO, buf, len)` (before aborting due to memory corruption) + +Additional system calls when `CONFIG_SEAL_METADATA=true` is set: + +* `pkey_alloc` +* `pkey_mprotect` instead of `mprotect` with an additional `pkey` parameter, + but otherwise the same (regular `mprotect` is never called) +* `uname` (to detect old buggy kernel versions) + +Additional system calls for Android builds with `LABEL_MEMORY`: + +* `prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, ptr, size, name)`
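Review bot: the list in the "System calls used by all build configurations" section stops at `write(STDERR_FILENO, buf, len)` "(before aborting due to memory corruption)", but the system calls made by the abort itself are not enumerated, so a seccomp-bpf whitelist derived only from this section could kill the process during the abort rather than letting it terminate as intended; since the futex entries already document calls made indirectly ("via `pthread_mutex_lock`"), the abort path deserves the same treatment, either as a bullet or as a sentence stating that the libc abort's own calls must be added separately. Minor style point in the same list: `munmap` is the only entry without its argument form, while every other bullet gives one (e.g. `mprotect(ptr, size, PROT_READ)`); writing it as `munmap(ptr, size)` keeps the list consistent and makes it easier to turn into filter rules.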