
Commit 14f31aa6 authored by Paul Lawrence's avatar Paul Lawrence

Optimize seccomp

Bug: 34946764
Test: Make sure boots, seccomp still blocks, and is faster
Change-Id: I2b4da512f8a9eb8a32f4435561285d42e4b0395f
parent e724f82b
+10 −6
@@ -122,6 +122,10 @@ bool set_seccomp_filter() {
    // 64-bit filter
    // 64-bit filter
    ExamineSyscall(f);
    ExamineSyscall(f);


    // arm64-only filter - autogenerated from bionic syscall usage
    for (size_t i = 0; i < arm64_filter_size; ++i)
        f.push_back(arm64_filter[i]);

    // Syscalls needed to boot Android
    // Syscalls needed to boot Android
    AllowSyscall(f, 41);  // __NR_pivot_root
    AllowSyscall(f, 41);  // __NR_pivot_root
    AllowSyscall(f, 31);  // __NR_ioprio_get
    AllowSyscall(f, 31);  // __NR_ioprio_get
@@ -143,9 +147,7 @@ bool set_seccomp_filter() {
    // Needed for kernel to restart syscalls
    // Needed for kernel to restart syscalls
    AllowSyscall(f, 128); // __NR_restart_syscall
    AllowSyscall(f, 128); // __NR_restart_syscall


    // arm64-only filter - autogenerated from bionic syscall usage
    Trap(f);
    for (size_t i = 0; i < arm64_filter_size; ++i)
        f.push_back(arm64_filter[i]);


    if (SetValidateArchitectureJumpTarget(offset_to_32bit_filter, f) != 0)
    if (SetValidateArchitectureJumpTarget(offset_to_32bit_filter, f) != 0)
        return -1;
        return -1;
@@ -153,6 +155,10 @@ bool set_seccomp_filter() {
    // 32-bit filter
    // 32-bit filter
    ExamineSyscall(f);
    ExamineSyscall(f);


    // arm32 filter - autogenerated from bionic syscall usage
    for (size_t i = 0; i < arm_filter_size; ++i)
        f.push_back(arm_filter[i]);

    // Syscalls needed to boot android
    // Syscalls needed to boot android
    AllowSyscall(f, 120); // __NR_clone
    AllowSyscall(f, 120); // __NR_clone
    AllowSyscall(f, 240); // __NR_futex
    AllowSyscall(f, 240); // __NR_futex
@@ -200,9 +206,7 @@ bool set_seccomp_filter() {
    // already allowed.
    // already allowed.
    AllowSyscall(f, 85);  // __NR_readlink
    AllowSyscall(f, 85);  // __NR_readlink


    // arm32 filter - autogenerated from bionic syscall usage
    Trap(f);
    for (size_t i = 0; i < arm_filter_size; ++i)
        f.push_back(arm_filter[i]);


    return install_filter(f);
    return install_filter(f);
}
}
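Review bot: The unchanged `return -1;` after `SetValidateArchitectureJumpTarget(offset_to_32bit_filter, f) != 0` sits in a function the hunk headers show as `bool set_seccomp_filter()`, so -1 converts to `true`. If `true` means the filter was installed (the callers and `install_filter` are not visible here), a failure to patch the architecture jump is reported as success and the process carries on without a seccomp filter; `return false;` is the fail-closed form. Separately, both new `Trap(f);` calls are now the only visible default-deny for their architecture and depend on the autogenerated `arm64_filter`/`arm_filter` blocks falling through on no match, which the page does not show; a comment such as `// Default deny: must remain the last instruction of this architecture's filter` above each would record that ordering requirement. The body of set_seccomp_filter begins before the first hunk.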