Relatively harmless syscalls:
* dup, used by mozilla::ipc::Shmem
* getuid, for android::IPCThreadState, used in audio decode
* nanosleep, used by android::AudioTrack
Of potential concern:
* sched_setscheduler, used by audio threads in e.g. CubeVid
This might be restrictable somewhat by inspecting its arguments.
Of serious concern:
* unlink, as a workaround for bug 906996 (q.v.).
Note that we already allow open(), including for writing (temporary
files, /dev/genlock on qcom devices, probably more), so allowing unlink
won't make the situation much worse.