New syscalls added to the Linux kernel should be added to third_party/src/vX.X/security/chromiumos/complete_whitelists.h as we ship new kernels. Currently that list is up-to-date through v4.14.

There are probably other places where it would be nice to be able to easily figure out which syscalls have recently been added to Linux. For now I have just been looking at header files (arch/x86/entry/syscalls/syscall_64.tbl, arch/arm/tools/syscall.tbl, include/uapi/asm-generic/unistd.h) to figure this out, which doesn't scale well. Linux has a means to report unsupported syscalls (scripts/checksyscalls.sh). We could possibly write a similar script.