// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package sandbox

import (
	"golang.org/x/sys/unix"
)

// This file holds the x86_64 seccomp syscall allowlist for the sandbox.
// Syscall numbers come from golang.org/x/sys/unix and are amd64 numbers,
// so the file is only meaningful for linux/amd64 builds (a build constraint
// on the file or its name is expected — confirm against the package layout).
// The types referenced below (SeccompSyscall, SeccompConditions,
// SeccompCondition, SeccompArgHasNoBits, SeccompArgEquals) and the constant
// AUDIT_ARCH_X86_64 are defined elsewhere in this package.

// NATIVE_AUDIT_ARCH is the seccomp audit architecture this allowlist is
// written for. The filter builder presumably checks the calling process's
// architecture against it before consulting AllowedSyscalls, so that a
// process switching to a foreign ABI cannot reuse these numbers with
// different meanings — TODO confirm in the filter construction code.
const NATIVE_AUDIT_ARCH = AUDIT_ARCH_X86_64

// AllowedSyscalls lists the syscalls the sandboxed process may make.
//
// An entry with no conditions allows the syscall unconditionally. An entry
// with Any is allowed only when at least one of the listed condition sets
// matches, and a set matches when all of its conditions hold — this reading
// follows the Any/All field names; the matching semantics live in the
// Seccomp* types elsewhere in the package. What happens to a syscall that is
// not listed (kill, EPERM, ENOSYS, ...) is the filter's default action, which
// is configured outside this file.
//
// Review notes for maintainers:
//   - clone is restricted so that no namespace-creating CLONE_NEW* flag may be
//     set; personality is restricted to the PER_LINUX / PER_LINUX32 / UNAME26
//     combinations plus the 0xffffffff "query only" value.
//   - ioctl, prctl, seccomp, syslog, adjtimex, execve/execveat and the
//     set*id/setgroups/capset family are allowed without argument filtering.
//     Whether that is acceptable depends on the capability set and
//     no_new_privs settings applied elsewhere — TODO confirm.
//   - Deliberately absent (keep it that way unless the threat model changes;
//     this mirrors common container profiles): ptrace, process_vm_readv/
//     process_vm_writev, mount/umount2, pivot_root, unshare, setns, keyctl/
//     add_key/request_key, bpf, perf_event_open, userfaultfd, kexec_load,
//     init_module/finit_module/delete_module, open_by_handle_at.
//   - NOTE(review): newer syscalls such as clone3, rseq, statx, faccessat2
//     and pidfd_* are not listed. Recent glibc probes some of these and falls
//     back to the older call only on ENOSYS, so if the default action is
//     kill or EPERM rather than ENOSYS, programs may break — confirm the
//     default action before shipping against a newer userland.
var AllowedSyscalls = []SeccompSyscall{
	{Syscall: unix.SYS_ACCEPT},
	{Syscall: unix.SYS_ACCEPT4},
	{Syscall: unix.SYS_ACCESS},
	{Syscall: unix.SYS_ADJTIMEX},
	{Syscall: unix.SYS_ALARM},
	{Syscall: unix.SYS_ARCH_PRCTL},
	{Syscall: unix.SYS_BIND},
	{Syscall: unix.SYS_BRK},
	{Syscall: unix.SYS_CAPGET},
	{Syscall: unix.SYS_CAPSET},
	{Syscall: unix.SYS_CHDIR},
	{Syscall: unix.SYS_CHMOD},
	{Syscall: unix.SYS_CHOWN},
	{Syscall: unix.SYS_CLOCK_GETRES},
	{Syscall: unix.SYS_CLOCK_GETTIME},
	{Syscall: unix.SYS_CLOCK_NANOSLEEP},
	{
		// clone is allowed only when its flags argument (arg 0 on x86_64)
		// carries none of the namespace-creating bits below, so the sandboxed
		// process can create threads and children but not new namespaces.
		// CLONE_NEWTIME is not included because clone(2) rejects it anyway
		// (it is only accepted by unshare/clone3, and clone3 is not listed).
		Syscall: unix.SYS_CLONE,
		Any: []SeccompConditions{{
			All: []SeccompCondition{SeccompArgHasNoBits{
				Arg:  0,
				Mask: unix.CLONE_NEWCGROUP | unix.CLONE_NEWIPC | unix.CLONE_NEWNET | unix.CLONE_NEWNS | unix.CLONE_NEWPID | unix.CLONE_NEWUSER | unix.CLONE_NEWUTS,
			}},
		}},
	},
	{Syscall: unix.SYS_CLOSE},
	{Syscall: unix.SYS_CONNECT},
	{Syscall: unix.SYS_COPY_FILE_RANGE},
	{Syscall: unix.SYS_CREAT},
	{Syscall: unix.SYS_DUP},
	{Syscall: unix.SYS_DUP2},
	{Syscall: unix.SYS_DUP3},
	{Syscall: unix.SYS_EPOLL_CREATE},
	{Syscall: unix.SYS_EPOLL_CREATE1},
	{Syscall: unix.SYS_EPOLL_CTL},
	{Syscall: unix.SYS_EPOLL_CTL_OLD},
	{Syscall: unix.SYS_EPOLL_PWAIT},
	{Syscall: unix.SYS_EPOLL_WAIT},
	{Syscall: unix.SYS_EPOLL_WAIT_OLD},
	{Syscall: unix.SYS_EVENTFD},
	{Syscall: unix.SYS_EVENTFD2},
	{Syscall: unix.SYS_EXECVE},
	{Syscall: unix.SYS_EXECVEAT},
	{Syscall: unix.SYS_EXIT},
	{Syscall: unix.SYS_EXIT_GROUP},
	{Syscall: unix.SYS_FACCESSAT},
	{Syscall: unix.SYS_FADVISE64},
	{Syscall: unix.SYS_FALLOCATE},
	{Syscall: unix.SYS_FANOTIFY_MARK},
	{Syscall: unix.SYS_FCHDIR},
	{Syscall: unix.SYS_FCHMOD},
	{Syscall: unix.SYS_FCHMODAT},
	{Syscall: unix.SYS_FCHOWN},
	{Syscall: unix.SYS_FCHOWNAT},
	{Syscall: unix.SYS_FCNTL},
	{Syscall: unix.SYS_FDATASYNC},
	{Syscall: unix.SYS_FGETXATTR},
	{Syscall: unix.SYS_FLISTXATTR},
	{Syscall: unix.SYS_FLOCK},
	{Syscall: unix.SYS_FORK},
	{Syscall: unix.SYS_FREMOVEXATTR},
	{Syscall: unix.SYS_FSETXATTR},
	{Syscall: unix.SYS_FSTAT},
	{Syscall: unix.SYS_FSTATFS},
	{Syscall: unix.SYS_FSYNC},
	{Syscall: unix.SYS_FTRUNCATE},
	{Syscall: unix.SYS_FUTEX},
	{Syscall: unix.SYS_FUTIMESAT},
	{Syscall: unix.SYS_GETCPU},
	{Syscall: unix.SYS_GETCWD},
	{Syscall: unix.SYS_GETDENTS},
	{Syscall: unix.SYS_GETDENTS64},
	{Syscall: unix.SYS_GETEGID},
	{Syscall: unix.SYS_GETEUID},
	{Syscall: unix.SYS_GETGID},
	{Syscall: unix.SYS_GETGROUPS},
	{Syscall: unix.SYS_GETITIMER},
	{Syscall: unix.SYS_GETPEERNAME},
	{Syscall: unix.SYS_GETPGID},
	{Syscall: unix.SYS_GETPGRP},
	{Syscall: unix.SYS_GETPID},
	{Syscall: unix.SYS_GETPPID},
	{Syscall: unix.SYS_GETPRIORITY},
	{Syscall: unix.SYS_GETRANDOM},
	{Syscall: unix.SYS_GETRESGID},
	{Syscall: unix.SYS_GETRESUID},
	{Syscall: unix.SYS_GETRLIMIT},
	{Syscall: unix.SYS_GET_ROBUST_LIST},
	{Syscall: unix.SYS_GETRUSAGE},
	{Syscall: unix.SYS_GETSID},
	{Syscall: unix.SYS_GETSOCKNAME},
	{Syscall: unix.SYS_GETSOCKOPT},
	{Syscall: unix.SYS_GET_THREAD_AREA},
	{Syscall: unix.SYS_GETTID},
	{Syscall: unix.SYS_GETTIMEOFDAY},
	{Syscall: unix.SYS_GETUID},
	{Syscall: unix.SYS_GETXATTR},
	{Syscall: unix.SYS_INOTIFY_ADD_WATCH},
	{Syscall: unix.SYS_INOTIFY_INIT},
	{Syscall: unix.SYS_INOTIFY_INIT1},
	{Syscall: unix.SYS_INOTIFY_RM_WATCH},
	{Syscall: unix.SYS_IO_CANCEL},
	{Syscall: unix.SYS_IOCTL},
	{Syscall: unix.SYS_IO_DESTROY},
	{Syscall: unix.SYS_IO_GETEVENTS},
	{Syscall: unix.SYS_IOPRIO_GET},
	{Syscall: unix.SYS_IOPRIO_SET},
	{Syscall: unix.SYS_IO_SETUP},
	{Syscall: unix.SYS_IO_SUBMIT},
	{Syscall: unix.SYS_KILL},
	{Syscall: unix.SYS_LCHOWN},
	{Syscall: unix.SYS_LGETXATTR},
	{Syscall: unix.SYS_LINK},
	{Syscall: unix.SYS_LINKAT},
	{Syscall: unix.SYS_LISTEN},
	{Syscall: unix.SYS_LISTXATTR},
	{Syscall: unix.SYS_LLISTXATTR},
	{Syscall: unix.SYS_LREMOVEXATTR},
	{Syscall: unix.SYS_LSEEK},
	{Syscall: unix.SYS_LSETXATTR},
	{Syscall: unix.SYS_LSTAT},
	{Syscall: unix.SYS_MADVISE},
	{Syscall: unix.SYS_MEMFD_CREATE},
	{Syscall: unix.SYS_MINCORE},
	{Syscall: unix.SYS_MKDIR},
	{Syscall: unix.SYS_MKDIRAT},
	{Syscall: unix.SYS_MKNOD},
	{Syscall: unix.SYS_MKNODAT},
	{Syscall: unix.SYS_MLOCK},
	{Syscall: unix.SYS_MLOCK2},
	{Syscall: unix.SYS_MLOCKALL},
	{Syscall: unix.SYS_MMAP},
	{Syscall: unix.SYS_MODIFY_LDT},
	{Syscall: unix.SYS_MPROTECT},
	{Syscall: unix.SYS_MQ_GETSETATTR},
	{Syscall: unix.SYS_MQ_NOTIFY},
	{Syscall: unix.SYS_MQ_OPEN},
	{Syscall: unix.SYS_MQ_TIMEDRECEIVE},
	{Syscall: unix.SYS_MQ_TIMEDSEND},
	{Syscall: unix.SYS_MQ_UNLINK},
	{Syscall: unix.SYS_MREMAP},
	{Syscall: unix.SYS_MSGCTL},
	{Syscall: unix.SYS_MSGGET},
	{Syscall: unix.SYS_MSGRCV},
	{Syscall: unix.SYS_MSGSND},
	{Syscall: unix.SYS_MSYNC},
	{Syscall: unix.SYS_MUNLOCK},
	{Syscall: unix.SYS_MUNLOCKALL},
	{Syscall: unix.SYS_MUNMAP},
	{Syscall: unix.SYS_NANOSLEEP},
	{Syscall: unix.SYS_NEWFSTATAT},
	{Syscall: unix.SYS_OPEN},
	{Syscall: unix.SYS_OPENAT},
	{Syscall: unix.SYS_PAUSE},
	{
		// personality is allowed only for a fixed set of persona values
		// (arg 0): 0 = PER_LINUX, 8 = PER_LINUX32, 0x20000 = UNAME26,
		// 0x20008 = UNAME26|PER_LINUX32, and 0xffffffff, which queries the
		// current persona without changing it. Other personas (e.g. ones
		// that disable ASLR) are rejected.
		Syscall: unix.SYS_PERSONALITY,
		Any: []SeccompConditions{
			{All: []SeccompCondition{SeccompArgEquals{Arg: 0, Value: 0}}},
			{All: []SeccompCondition{SeccompArgEquals{Arg: 0, Value: 8}}},
			{All: []SeccompCondition{SeccompArgEquals{Arg: 0, Value: 0x20000}}},
			{All: []SeccompCondition{SeccompArgEquals{Arg: 0, Value: 0x20008}}},
			{All: []SeccompCondition{SeccompArgEquals{Arg: 0, Value: 0xffffffff}}},
		},
	},
	{Syscall: unix.SYS_PIPE},
	{Syscall: unix.SYS_PIPE2},
	{Syscall: unix.SYS_POLL},
	{Syscall: unix.SYS_PPOLL},
	{Syscall: unix.SYS_PRCTL},
	{Syscall: unix.SYS_PREAD64},
	{Syscall: unix.SYS_PREADV},
	{Syscall: unix.SYS_PREADV2},
	{Syscall: unix.SYS_PRLIMIT64},
	{Syscall: unix.SYS_PSELECT6},
	{Syscall: unix.SYS_PWRITE64},
	{Syscall: unix.SYS_PWRITEV},
	{Syscall: unix.SYS_PWRITEV2},
	{Syscall: unix.SYS_READ},
	{Syscall: unix.SYS_READAHEAD},
	{Syscall: unix.SYS_READLINK},
	{Syscall: unix.SYS_READLINKAT},
	{Syscall: unix.SYS_READV},
	{Syscall: unix.SYS_RECVFROM},
	{Syscall: unix.SYS_RECVMMSG},
	{Syscall: unix.SYS_RECVMSG},
	{Syscall: unix.SYS_REMAP_FILE_PAGES},
	{Syscall: unix.SYS_REMOVEXATTR},
	{Syscall: unix.SYS_RENAME},
	{Syscall: unix.SYS_RENAMEAT},
	{Syscall: unix.SYS_RENAMEAT2},
	{Syscall: unix.SYS_RESTART_SYSCALL},
	{Syscall: unix.SYS_RMDIR},
	{Syscall: unix.SYS_RT_SIGACTION},
	{Syscall: unix.SYS_RT_SIGPENDING},
	{Syscall: unix.SYS_RT_SIGPROCMASK},
	{Syscall: unix.SYS_RT_SIGQUEUEINFO},
	{Syscall: unix.SYS_RT_SIGRETURN},
	{Syscall: unix.SYS_RT_SIGSUSPEND},
	{Syscall: unix.SYS_RT_SIGTIMEDWAIT},
	{Syscall: unix.SYS_RT_TGSIGQUEUEINFO},
	{Syscall: unix.SYS_SCHED_GETAFFINITY},
	{Syscall: unix.SYS_SCHED_GETATTR},
	{Syscall: unix.SYS_SCHED_GETPARAM},
	{Syscall: unix.SYS_SCHED_GET_PRIORITY_MAX},
	{Syscall: unix.SYS_SCHED_GET_PRIORITY_MIN},
	{Syscall: unix.SYS_SCHED_GETSCHEDULER},
	{Syscall: unix.SYS_SCHED_RR_GET_INTERVAL},
	{Syscall: unix.SYS_SCHED_SETAFFINITY},
	{Syscall: unix.SYS_SCHED_SETATTR},
	{Syscall: unix.SYS_SCHED_SETPARAM},
	{Syscall: unix.SYS_SCHED_SETSCHEDULER},
	{Syscall: unix.SYS_SCHED_YIELD},
	{Syscall: unix.SYS_SECCOMP},
	{Syscall: unix.SYS_SELECT},
	{Syscall: unix.SYS_SEMCTL},
	{Syscall: unix.SYS_SEMGET},
	{Syscall: unix.SYS_SEMOP},
	{Syscall: unix.SYS_SEMTIMEDOP},
	{Syscall: unix.SYS_SENDFILE},
	{Syscall: unix.SYS_SENDMMSG},
	{Syscall: unix.SYS_SENDMSG},
	{Syscall: unix.SYS_SENDTO},
	{Syscall: unix.SYS_SETFSGID},
	{Syscall: unix.SYS_SETFSUID},
	{Syscall: unix.SYS_SETGID},
	{Syscall: unix.SYS_SETGROUPS},
	{Syscall: unix.SYS_SETITIMER},
	{Syscall: unix.SYS_SETPGID},
	{Syscall: unix.SYS_SETPRIORITY},
	{Syscall: unix.SYS_SETREGID},
	{Syscall: unix.SYS_SETRESGID},
	{Syscall: unix.SYS_SETRESUID},
	{Syscall: unix.SYS_SETREUID},
	{Syscall: unix.SYS_SETRLIMIT},
	{Syscall: unix.SYS_SET_ROBUST_LIST},
	{Syscall: unix.SYS_SETSID},
	{Syscall: unix.SYS_SETSOCKOPT},
	{Syscall: unix.SYS_SET_THREAD_AREA},
	{Syscall: unix.SYS_SET_TID_ADDRESS},
	{Syscall: unix.SYS_SETUID},
	{Syscall: unix.SYS_SETXATTR},
	{Syscall: unix.SYS_SHMAT},
	{Syscall: unix.SYS_SHMCTL},
	{Syscall: unix.SYS_SHMDT},
	{Syscall: unix.SYS_SHMGET},
	{Syscall: unix.SYS_SHUTDOWN},
	{Syscall: unix.SYS_SIGALTSTACK},
	{Syscall: unix.SYS_SIGNALFD},
	{Syscall: unix.SYS_SIGNALFD4},
	{Syscall: unix.SYS_SOCKET},
	{Syscall: unix.SYS_SOCKETPAIR},
	{Syscall: unix.SYS_SPLICE},
	{Syscall: unix.SYS_STAT},
	{Syscall: unix.SYS_STATFS},
	{Syscall: unix.SYS_SYMLINK},
	{Syscall: unix.SYS_SYMLINKAT},
	{Syscall: unix.SYS_SYNC},
	{Syscall: unix.SYS_SYNC_FILE_RANGE},
	{Syscall: unix.SYS_SYNCFS},
	{Syscall: unix.SYS_SYSINFO},
	{Syscall: unix.SYS_SYSLOG},
	{Syscall: unix.SYS_TEE},
	{Syscall: unix.SYS_TGKILL},
	{Syscall: unix.SYS_TIME},
	{Syscall: unix.SYS_TIMER_CREATE},
	{Syscall: unix.SYS_TIMER_DELETE},
	{Syscall: unix.SYS_TIMERFD_CREATE},
	{Syscall: unix.SYS_TIMERFD_GETTIME},
	{Syscall: unix.SYS_TIMERFD_SETTIME},
	{Syscall: unix.SYS_TIMER_GETOVERRUN},
	{Syscall: unix.SYS_TIMER_GETTIME},
	{Syscall: unix.SYS_TIMER_SETTIME},
	{Syscall: unix.SYS_TIMES},
	{Syscall: unix.SYS_TKILL},
	{Syscall: unix.SYS_TRUNCATE},
	{Syscall: unix.SYS_UMASK},
	{Syscall: unix.SYS_UNAME},
	{Syscall: unix.SYS_UNLINK},
	{Syscall: unix.SYS_UNLINKAT},
	{Syscall: unix.SYS_UTIME},
	{Syscall: unix.SYS_UTIMENSAT},
	{Syscall: unix.SYS_UTIMES},
	{Syscall: unix.SYS_VFORK},
	{Syscall: unix.SYS_VMSPLICE},
	{Syscall: unix.SYS_WAIT4},
	{Syscall: unix.SYS_WAITID},
	{Syscall: unix.SYS_WRITE},
	{Syscall: unix.SYS_WRITEV},
}