# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# For now, it supports architechture of ['arm', 'arm64'].

@returnValue
TRAP

@headFiles
"seccomp_policy_constants.h"

@mode
ONLY_CHECK_ARGS

@allowListWithArgs
setresuid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS && arg2 >= START_UID_FOR_RENDER_PROCESS && arg2 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all
setresgid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS && arg2 >= START_UID_FOR_RENDER_PROCESS && arg2 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all
setresuid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS && arg2 >= START_UID_FOR_RENDER_PROCESS && arg2 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm
setresgid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS && arg2 >= START_UID_FOR_RENDER_PROCESS && arg2 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm
setuid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all
setgid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all
setuid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm
setgid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm
setreuid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all
setregid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all
setreuid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm
setregid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS && arg1 >= START_UID_FOR_RENDER_PROCESS && arg1 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm
setfsuid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all
setfsgid: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;all
setfsuid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm
setfsgid32: if arg0 >= START_UID_FOR_RENDER_PROCESS && arg0 <= END_UID_FOR_RENDER_PROCESS; return ALLOW; else return TRAP;arm