diff options
| author | Alexandre Courbot <acourbot@chromium.org> | 2020-06-03 17:40:12 +0900 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2020-06-11 01:56:42 +0000 |
| commit | 97d6359febdabc2f44d5ab404a0cd41e65172163 (patch) | |
| tree | 547c773831872142053f5b24a42348300171f874 /seccomp | |
| parent | 7c359d617f82361d03910a07ab54e17f07a54b23 (diff) | |
| download | crosvm-97d6359febdabc2f44d5ab404a0cd41e65172163.tar crosvm-97d6359febdabc2f44d5ab404a0cd41e65172163.tar.gz crosvm-97d6359febdabc2f44d5ab404a0cd41e65172163.tar.bz2 crosvm-97d6359febdabc2f44d5ab404a0cd41e65172163.tar.lz crosvm-97d6359febdabc2f44d5ab404a0cd41e65172163.tar.xz crosvm-97d6359febdabc2f44d5ab404a0cd41e65172163.tar.zst crosvm-97d6359febdabc2f44d5ab404a0cd41e65172163.zip | |
seccomp: add policy file video_device on ARM.
BUG=b:151399776 BUG=b:151394062 TEST=Video device is properly probed with policy enabled on a guest kernel with VIRTIO_VIDEO enabled. Change-Id: Ia29afa0ab3eb969291c046d8657cd28e88d54b96 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2230418 Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org> Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> Tested-by: Alexandre Courbot <acourbot@chromium.org> Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Diffstat (limited to 'seccomp')
| -rw-r--r-- | seccomp/arm/video_device.policy | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/seccomp/arm/video_device.policy b/seccomp/arm/video_device.policy new file mode 100644 index 0000000..f8a722d --- /dev/null +++ b/seccomp/arm/video_device.policy @@ -0,0 +1,25 @@ +# Copyright 2020 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +@include /usr/share/policy/crosvm/common_device.policy + +# Syscalls specific to video devices. +clock_getres: 1 +clock_gettime: 1 +connect: 1 +fcntl64: arg1 == F_GETFL || arg1 == F_SETFL || arg1 == F_DUPFD_CLOEXEC || arg1 == F_GETFD || arg1 == F_SETFD +getegid32: 1 +geteuid32: 1 +getgid32: 1 +getresgid32: 1 +getresuid32: 1 +getsockname: 1 +getuid32: 1 +# ioctl: arg1 == DRM_IOCTL_* +ioctl: arg1 & 0x6400 +openat: 1 +send: 1 +setpriority: 1 +socket: arg0 == AF_UNIX +stat64: 1 |