bug 1102277 - Update seccomp filter for newer bionic. r=jld

security/sandbox/linux/SandboxFilter.cpp

@@ -132,6 +132,7 @@ SandboxFilterImplContent::Build() {
 
   Allow(SYSCALL(clock_gettime));
   Allow(SYSCALL(epoll_wait));
+  Allow(SYSCALL(epoll_pwait));
   Allow(SYSCALL(gettimeofday));
   Allow(SYSCALL(read));
   Allow(SYSCALL(write));
@@ -168,6 +169,9 @@ SandboxFilterImplContent::Build() {
   Allow(SYSCALL(dup));
   Allow(SYSCALL(nanosleep));
   Allow(SYSCALL(poll));
+  Allow(SYSCALL(ppoll));
+  Allow(SYSCALL(openat));
+  Allow(SYSCALL(faccessat));
   // select()'s arguments used to be passed by pointer as a struct.
 #if SYSCALL_EXISTS(_newselect)
   Allow(SYSCALL(_newselect));
@@ -299,6 +303,9 @@ SandboxFilterImplContent::Build() {
   Allow(SYSCALL(umask));
   Allow(SYSCALL(getresgid));
   Allow(SYSCALL(poll));
+  Allow(SYSCALL(ppoll));
+  Allow(SYSCALL(openat));
+  Allow(SYSCALL(faccessat));
   Allow(SYSCALL(inotify_init1));
   Allow(SYSCALL(wait4));
   Allow(SYSVIPCCALL(shmctl, SHMCTL));
@@ -358,6 +365,7 @@ void SandboxFilterImplGMP::Build() {
   Allow(SYSCALL(write));
   Allow(SYSCALL(read));
   Allow(SYSCALL(epoll_wait));
+  Allow(SYSCALL(epoll_pwait));
   Allow(SOCKETCALL(recvmsg, RECVMSG));
   Allow(SOCKETCALL(sendmsg, SENDMSG));
   Allow(SYSCALL(time));