Kernel Syscalls

Note on these:
Arguments go in their usual registers (e.g. arg1 in R0), as with an ordinary function call.

Usage
MOV R12, #x    // number from the list below
SWI 0x80
BX LR

List

 * Clear Instruction Cache: 0
 * Flush Data Cache: 1
 * _pthread_set_self: 2
 * Unknown: 3

Usage
MOV IP, #x     // number from the following list into IP (the intra-procedure-call scratch register), a.k.a. r12
SVC 0x80       // formerly written SWI (software interrupt)

For example:

(gdb) disass chown
0x30d2ad54 :	mov	r12, #16	; 0x10, being the # of chown
0x30d2ad58 :	svc	0x00000080

Most of these are the same as you would find in the open-source XNU kernel, ARM idiosyncrasies aside (and #372, ledger, which is iOS-only).

List

 * exit: 1
 * fork: 2
 * read: 3
 * write: 4
 * open: 5
 * close: 6
 * wait4: 7
 * link: 9
 * unlink: 10
 * chdir: 12
 * fchdir: 13
 * mknod: 14
 * chmod: 15
 * chown: 16
 * getfsstat: 18
 * getpid: 20
 * setuid: 23
 * getuid: 24
 * geteuid: 25
 * ptrace: 26
 * recvmsg: 27
 * sendmsg: 28
 * recvfrom: 29
 * accept: 30
 * getpeername: 31
 * getsockname: 32
 * access: 33
 * chflags: 34
 * fchflags: 35
 * sync: 36
 * kill: 37
 * getppid: 39
 * dup: 41
 * pipe: 42
 * getegid: 43
 * profil: 44
 * sigaction: 46
 * getgid: 47
 * sigprocmask: 48
 * getlogin: 49
 * setlogin: 50
 * acct: 51
 * sigpending: 52
 * sigaltstack: 53
 * ioctl: 54
 * reboot: 55
 * revoke: 56
 * symlink: 57
 * readlink: 58
 * execve: 59
 * umask: 60
 * chroot: 61
 * msync: 65
 * vfork: 66
 * munmap: 73
 * mprotect: 74
 * madvise: 75
 * mincore: 78
 * getgroups: 79
 * setgroups: 80
 * getpgrp: 81
 * setpgid: 82
 * setitimer: 83
 * swapon: 85
 * getitimer: 86
 * getdtablesize: 89
 * dup2: 90
 * fcntl: 92
 * select: 93
 * fsync: 95
 * setpriority: 96
 * socket: 97
 * connect: 98
 * getpriority: 100
 * bind: 104
 * setsockopt: 105
 * listen: 106
 * sigsuspend: 111
 * gettimeofday: 116
 * getrusage: 117
 * getsockopt: 118
 * readv: 120
 * writev: 121
 * settimeofday: 122
 * fchown: 123
 * fchmod: 124
 * setreuid: 126
 * setregid: 127
 * rename: 128
 * flock: 131
 * mkfifo: 132
 * sendto: 133
 * shutdown: 134
 * socketpair: 135
 * mkdir: 136
 * rmdir: 137
 * utimes: 138
 * futimes: 139
 * adjtime: 140
 * gethostuuid: 142
 * setsid: 145
 * getpgid: 151
 * setprivexec: 152
 * pread: 153
 * pwrite: 154
 * statfs: 157
 * fstatfs: 158
 * unmount: 159
 * quotactl: 165
 * mount: 167
 * csops: 169
 * waitid: 173
 * add_profil: 176
 * kdebug_trace: 180
 * setgid: 181
 * setegid: 182
 * seteuid: 183
 * sigreturn: 184
 * chud: 185
 * fdatasync: 187
 * stat: 188
 * fstat: 189
 * lstat: 190
 * pathconf: 191
 * fpathconf: 192
 * getrlimit: 194
 * setrlimit: 195
 * getdirentries: 196
 * mmap: 197
 * lseek: 199
 * truncate: 200
 * ftruncate: 201
 * __sysctl: 202
 * mlock: 203
 * munlock: 204
 * undelete: 205
 * mkcomplex: 216
 * statv: 217
 * lstatv: 218
 * fstatv: 219
 * getattrlist: 220
 * setattrlist: 221
 * getdirentriesattr: 222
 * exchangedata: 223
 * fsgetpath: 224
 * searchfs: 225
 * delete: 226
 * copyfile: 227
 * fgetattrlist: 228
 * fsetattrlist: 229
 * poll: 230
 * watchevent: 231
 * waitevent: 232
 * modwatch: 233
 * getxattr: 234
 * fgetxattr: 235
 * setxattr: 236
 * fsetxattr: 237
 * removexattr: 238
 * fremovexattr: 239
 * listxattr: 240
 * flistxattr: 241
 * fsctl: 242
 * initgroups: 243
 * posix_spawn: 244
 * ffsctl: 245
 * minherit: 250
 * shm_open: 266
 * shm_unlink: 267
 * sem_open: 268
 * sem_close: 269
 * sem_unlink: 270
 * sem_wait: 271
 * sem_trywait: 272
 * sem_post: 273
 * sem_getvalue: 274
 * sem_init: 275
 * sem_destroy: 276
 * open_extended: 277
 * umask_extended: 278
 * stat_extended: 279
 * lstat_extended: 280
 * fstat_extended: 281
 * chmod_extended: 282
 * fchmod_extended: 283
 * access_extended: 284
 * settid: 285
 * gettid: 286
 * setsgroups: 287
 * getsgroups: 288
 * setwgroups: 289
 * getwgroups: 290
 * mkfifo_extended: 291
 * mkdir_extended: 292
 * identitysvc: 293
 * shared_region_check_np: 294
 * shared_region_map_np: 295
 * vm_pressure_monitor: 296
 * __pthread_mutex_destroy: 301
 * __pthread_mutex_init: 302
 * __pthread_mutex_lock: 303
 * __pthread_mutex_trylock: 304
 * __pthread_mutex_unlock: 305
 * __pthread_cond_init: 306
 * __pthread_cond_destroy: 307
 * __pthread_cond_broadcast: 308
 * __pthread_cond_signal: 309
 * getsid: 310
 * settid_with_pid: 311
 * __pthread_cond_timedwait: 312
 * aio_fsync: 313
 * aio_return: 314
 * aio_suspend: 315
 * aio_cancel: 316
 * aio_error: 317
 * aio_read: 318
 * aio_write: 319
 * lio_listio: 320
 * __pthread_cond_wait: 321
 * iopolicysys: 322
 * mlockall: 324
 * munlockall: 325
 * issetugid: 327
 * __pthread_kill: 328
 * __pthread_sigmask: 329
 * __sigwait: 330
 * __disable_threadsignal: 331
 * __pthread_markcancel: 332
 * __pthread_canceled: 333
 * proc_info: 336
 * stat64: 338
 * fstat64: 339
 * lstat64: 340
 * stat64_extended: 341
 * lstat64_extended: 342
 * fstat64_extended: 343
 * getdirentries64: 344
 * statfs64: 345
 * fstatfs64: 346
 * getfsstat64: 347
 * __pthread_chdir: 348
 * __pthread_fchdir: 349
 * kqueue: 362
 * kevent: 363
 * lchown: 364
 * stack_snapshot: 365
 * kevent64: 369
 * __semwait_signal: 370
 * __semwait_signal_nocancel: 371
 * ledger: 372 - This syscall exists only in iOS; it was removed from OS X a while ago.

The following syscalls belong to BSD's Mandatory Access Control framework, on top of which Apple's "Sandbox" (sandbox.kext) is implemented.


 * __mac_execve: 380
 * __mac_syscall: 381
 * __mac_get_file: 382
 * __mac_set_file: 383
 * __mac_get_link: 384
 * __mac_set_link: 385
 * __mac_get_proc: 386
 * __mac_set_proc: 387
 * __mac_get_fd: 388
 * __mac_set_fd: 389
 * __mac_get_pid: 390
 * __mac_get_lcid: 391
 * __mac_get_lctx: 392
 * __mac_set_lctx: 393

-


 * setlcid: 394
 * getlcid: 395

The "_nocancel" variants are the same as their cancellable counterparts. In most cases the latter are just wrappers that add a call to __pthread_testcancel(1).
 * read_nocancel: 396
 * write_nocancel: 397
 * open_nocancel: 398
 * close_nocancel: 399
 * wait4_nocancel: 400
 * recvmsg_nocancel: 401
 * sendmsg_nocancel: 402
 * recvfrom_nocancel: 403
 * accept_nocancel: 404
 * msync_nocancel: 405
 * fcntl_nocancel: 406
 * select_nocancel: 407
 * fsync_nocancel: 408
 * connect_nocancel: 409
 * sigsuspend_nocancel: 410
 * readv_nocancel: 411
 * writev_nocancel: 412
 * sendto_nocancel: 413
 * pread_nocancel: 414
 * pwrite_nocancel: 415
 * waitid_nocancel: 416
 * poll_nocancel: 417
 * sem_wait_nocancel: 420
 * aio_suspend_nocancel: 421
 * __sigwait_nocancel: 422
 * __semwait_signal_nocancel: 423
 * __mac_mount: 424
 * __mac_get_mount: 425
 * __mac_getfsstat: 426
 * fsgetpath_1: 427
 * _audit_session_self: 428
 * audit_session_join: 429
 * fileport_makeport: 430
 * fileport_makefd: 431
 * audit_session_port: 432
 * pid_suspend: 433
 * pid_resume: 434
 * pid_hibernate: 435
 * pid_shutdown_sockets: 436
 * (unused): 437
 * shared_region_map_and_slide_np: 438 (used in ASLR)