
SIGSYS Bad System Call (Android)


I am writing some inline assembly code for Android and while stepping through the code using GDB in an x64 Android emulator, I see the syscall I tried to execute got a SIGSYS Bad System Call error. I tried running the code as a standalone executable (not an Android application and also running it in the emulator) and it works properly without error.

I searched online for the error code and online articles seem to point to seccomp. Does seccomp play a part in limiting what syscall I can make? Where can I find out more details about this?

My code snippet is as follows

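    /* Needs <unistd.h> for F_OK and <android/log.h> for __android_log_print. */
    const char *filename = "/system/bin/sh";
    long f_ok = F_OK;   /* 64-bit so that movq reads exactly this object */
    long ret_val = 0;   /* 64-bit so that movq from %rax does not overrun it */

    #ifdef __x86_64__

    /* Raw access(2) call: syscall number 21 on x86_64.
       The syscall instruction itself overwrites %rcx and %r11. */
    __asm__ volatile(
            "movq $21, %%rax\n\t"
            "movq %1, %%rdi\n\t"
            "movq %2, %%rsi\n\t"
            "syscall\n\t"
            "movq %%rax, %0"
            : "=m"(ret_val)
            : "m"(filename), "m"(f_ok)
            : "%rax", "%rcx", "%r11", "%rdi", "%rsi", "cc", "memory"
            );

    #endif

    __android_log_print(ANDROID_LOG_VERBOSE, "inline_assembly", "ret_val %li", ret_val);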

I based the usage of the syscall number on this link (https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md#x86_64-64_bit).

I am not sure if the error is caused by my code or seccomp. Any advice is appreciated.


Solution

  • If your process gets a SIGSYS, it means that a syscall filter is installed. So, yes, it is definitely related to seccomp(2).
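
A diagnostic for the situation described above, added here as an example and not part of the original question or answer: it reads the `Seccomp:` field of `/proc/self/status` to confirm that a filter is installed, and installs a SIGSYS handler that reports which syscall number was rejected. The function names are hypothetical, the message goes to stderr (an Android app would log it instead), and the handler only runs when the filter's action delivers a catchable SIGSYS.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Parse "Seccomp:" from /proc/<pid>/status text: 0 = off, 1 = strict,
 * 2 = filter installed, -1 = field not found. */
int seccomp_mode_from_status(const char *status) {
    const char *p = strstr(status, "\nSeccomp:");
    return p ? atoi(p + 9) : -1;
}

/* Seccomp mode of the calling process, or -1 if /proc is unreadable. */
int current_seccomp_mode(void) {
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return seccomp_mode_from_status(buf);
}

/* SIGSYS handler: report the rejected syscall, then exit. snprintf is not
 * formally async-signal-safe; tolerated here for a one-shot diagnostic. */
static void on_sigsys(int sig, siginfo_t *si, void *ctx) {
    char msg[128];
    (void)sig; (void)ctx;
    int n = snprintf(msg, sizeof msg, "SIGSYS: syscall %d arch 0x%x at %p\n",
                     si->si_syscall, si->si_arch, si->si_call_addr);
    _exit(n > 0 && write(STDERR_FILENO, msg, (size_t)n) == n ? 1 : 2);
}

/* Install the handler; returns 0 on success, -1 on failure. */
int install_sigsys_reporter(void) {
    struct sigaction sa = {0};
    sa.sa_sigaction = on_sigsys;
    sa.sa_flags = SA_SIGINFO;
    return sigaction(SIGSYS, &sa, NULL);
}

int main(void) {
    printf("seccomp mode: %d\n", current_seccomp_mode());
    return install_sigsys_reporter() ? 1 : 0;
}
```

Call `install_sigsys_reporter()` before the code path that issues the raw syscall; a reported syscall number of 21 on x86_64 would correspond to the `access` call in the question's snippet.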