authorAlyssa Ross <hi@alyssa.is>2020-06-14 11:25:18 +0000
committerAlyssa Ross <hi@alyssa.is>2020-06-14 11:25:18 +0000
commitb7966a9d2e768533acac0f37bdeb293c256109d3 (patch)
tree357a365ecc99e4bec214d084352e316769f70041 /seccomp
parent1e318da5b57c12f67bed3b528100dbe4ec287ac5 (diff)
parentd42d3fec7a9535b664b89d30fd48c90feda59957 (diff)
Merge remote-tracking branch 'origin/master'
Diffstat (limited to 'seccomp')
-rw-r--r--seccomp/aarch64/fs_device.policy2
-rw-r--r--seccomp/arm/fs_device.policy3
-rw-r--r--seccomp/arm/video_device.policy25
-rw-r--r--seccomp/x86_64/fs_device.policy3
4 files changed, 33 insertions, 0 deletions
diff --git a/seccomp/aarch64/fs_device.policy b/seccomp/aarch64/fs_device.policy
index 7bf794a..adeb9b6 100644
--- a/seccomp/aarch64/fs_device.policy
+++ b/seccomp/aarch64/fs_device.policy
@@ -6,7 +6,9 @@
 
 copy_file_range: 1
 fallocate: 1
+fchmod: 1
 fchmodat: 1
+fchown: 1
 fchownat: 1
 fdatasync: 1
 lgetxattr: 1
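Review bot: The added `fchmod: 1` and `fchown: 1` lines widen the allowlist without a comment naming which fs device operation needs the fd-based calls alongside `fchmodat`/`fchownat`. The same applies to `fchmod`, `fchown32` and `mkdir: 1` in the arm hunks and to `fchmod`, `fchown` and `mkdir: 1` in the x86_64 hunks. A one-line comment above each addition, such as `# fd-based chmod/chown, needed for <operation to be named>`, would let a later audit tell required entries from leftovers. On arm and x86_64 it is also worth confirming that the legacy `mkdir` entry is actually exercised and not only `mkdirat`.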
diff --git a/seccomp/arm/fs_device.policy b/seccomp/arm/fs_device.policy
index 661883a..5290afa 100644
--- a/seccomp/arm/fs_device.policy
+++ b/seccomp/arm/fs_device.policy
@@ -6,7 +6,9 @@
 
 copy_file_range: 1
 fallocate: 1
+fchmod: 1
 fchmodat: 1
+fchown32: 1
 fchownat: 1
 fdatasync: 1
 lgetxattr: 1
@@ -23,6 +25,7 @@ geteuid32: 1
 ioctl: arg1 == FS_IOC_GET_ENCRYPTION_POLICY || arg1 == FS_IOC_SET_ENCRYPTION_POLICY
 linkat: 1
 _llseek: 1
+mkdir: 1
 mkdirat: 1
 mknodat: 1
 open: return ENOENT
diff --git a/seccomp/arm/video_device.policy b/seccomp/arm/video_device.policy
new file mode 100644
index 0000000..f8a722d
--- /dev/null
+++ b/seccomp/arm/video_device.policy
@@ -0,0 +1,25 @@
+# Copyright 2020 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+@include /usr/share/policy/crosvm/common_device.policy
+
+# Syscalls specific to video devices.
+clock_getres: 1
+clock_gettime: 1
+connect: 1
+fcntl64: arg1 == F_GETFL || arg1 == F_SETFL || arg1 == F_DUPFD_CLOEXEC || arg1 == F_GETFD || arg1 == F_SETFD
+getegid32: 1
+geteuid32: 1
+getgid32: 1
+getresgid32: 1
+getresuid32: 1
+getsockname: 1
+getuid32: 1
+# ioctl: arg1 == DRM_IOCTL_*
+ioctl: arg1 & 0x6400
+openat: 1
+send: 1
+setpriority: 1
+socket: arg0 == AF_UNIX
+stat64: 1
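Review bot: The `ioctl: arg1 & 0x6400` rule in the new video_device.policy is a bit-mask test, so it admits more than the `DRM_IOCTL_*` set named in the comment above it. 0x64 is the DRM type byte, but a mask only checks whether those bits are set in the request number, so a request with a different type byte that shares them also passes. If minijail's `&` is true on any overlapping bit rather than all of them (worth confirming against the minijail documentation), the accepted set is wider still. Prefer listing the requests the video device actually issues with `==`, e.g. `ioctl: arg1 == <DRM_IOCTL_NAME_1> || arg1 == <DRM_IOCTL_NAME_2>` (placeholders). Failing that, make the comment honest: `# ioctl: bit-mask match on 0x6400, broader than DRM_IOCTL_*; tighten once the request list is known`.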
diff --git a/seccomp/x86_64/fs_device.policy b/seccomp/x86_64/fs_device.policy
index 1c10601..1454770 100644
--- a/seccomp/x86_64/fs_device.policy
+++ b/seccomp/x86_64/fs_device.policy
@@ -6,7 +6,9 @@
 
 copy_file_range: 1
 fallocate: 1
+fchmod: 1
 fchmodat: 1
+fchown: 1
 fchownat: 1
 fdatasync: 1
 lgetxattr: 1
@@ -22,6 +24,7 @@ geteuid: 1
 ioctl: arg1 == FS_IOC_GET_ENCRYPTION_POLICY || arg1 == FS_IOC_SET_ENCRYPTION_POLICY
 linkat: 1
 lseek: 1
+mkdir: 1
 mkdirat: 1
 mknodat: 1
 newfstatat: 1