diff options
author | Stephen Barber <smbarber@chromium.org> | 2019-12-05 17:31:30 -0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-12-06 09:35:33 +0000 |
commit | bbc866e7deea7193c3ed1becbe9c5e617ca79df4 (patch) | |
tree | 7950d12408c21c1ef58dc37c9882c790a5d29dff /seccomp | |
parent | 85abeff27f6256725621c4db749d4401078236d8 (diff) | |
download | crosvm-bbc866e7deea7193c3ed1becbe9c5e617ca79df4.tar crosvm-bbc866e7deea7193c3ed1becbe9c5e617ca79df4.tar.gz crosvm-bbc866e7deea7193c3ed1becbe9c5e617ca79df4.tar.bz2 crosvm-bbc866e7deea7193c3ed1becbe9c5e617ca79df4.tar.lz crosvm-bbc866e7deea7193c3ed1becbe9c5e617ca79df4.tar.xz crosvm-bbc866e7deea7193c3ed1becbe9c5e617ca79df4.tar.zst crosvm-bbc866e7deea7193c3ed1becbe9c5e617ca79df4.zip |
seccomp: add memfd_create to arm gpu_device.policy
BUG=chromium:1031360 TEST=graphics.CrostiniTraceGlxgears Change-Id: I9b416a4a50b7747a0914b33d719f2459c499f71d Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1954219 Tested-by: kokoro <noreply+kokoro@google.com> Tested-by: Stephen Barber <smbarber@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org> Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org> Commit-Queue: Stephen Barber <smbarber@chromium.org>
Diffstat (limited to 'seccomp')
-rw-r--r-- | seccomp/arm/gpu_device.policy | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/seccomp/arm/gpu_device.policy b/seccomp/arm/gpu_device.policy index fd1e4d7..f177775 100644 --- a/seccomp/arm/gpu_device.policy +++ b/seccomp/arm/gpu_device.policy @@ -59,6 +59,9 @@ getdents64: 1 # 0x6400 == DRM_IOCTL_BASE, 0x8000 = KBASE_IOCTL_TYPE (mali) ioctl: arg1 & 0x6400 || arg1 & 0x8000 +# Used for sharing memory with wayland. arg1 == MFD_CLOEXEC|MFD_ALLOW_SEALING +memfd_create: arg1 == 3 + ## mmap/mprotect/openat differ from the common_device.policy mmap2: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ |