Diffstat (limited to 'seccomp')
-rw-r--r-- | seccomp/arm/xhci.policy | 40 | ||||
-rw-r--r-- | seccomp/x86_64/xhci.policy | 38 |
2 files changed, 78 insertions, 0 deletions
diff --git a/seccomp/arm/xhci.policy b/seccomp/arm/xhci.policy
new file mode 100644
index 0000000..0c69bc0
--- /dev/null
+++ b/seccomp/arm/xhci.policy
@@ -0,0 +1,40 @@
+# Copyright 2018 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+openat: 1
+@include /usr/share/policy/crosvm/common_device.policy
+
+stat64: 1
+fcntl64: 1
+lstat64: 1
+readlinkat: 1
+getdents64: 1
+getrandom: 1
+name_to_handle_at: 1
+access: 1
+gettid: 1
+clock_gettime: 1
+timerfd_create: 1
+getsockname: 1
+pipe: 1
+setsockopt: 1
+bind: 1
+fcntl: 1
+socket: arg0 == AF_NETLINK
+stat: 1
+uname: 1
+# The following ioctls are:
+# 0x4004550d == USBDEVFS_REAPURBNDELAY32
+# 0x550b == USBDEVFS_DISCARDURB
+# 0x8004550f == USBDEVFS_CLAIMINTERFACE
+# 0x80045510 == USBDEVFS_RELEASEINTERFACE
+# 0x8004551a == USBDEVFS_GET_CAPABILITIES
+# 0x802c550a == USBDEVFS_SUBMITURB
+# 0xc0105500 == USBDEVFS_CONTROL
+ioctl: arg1 == 0xc0105500 || arg1 == 0x802c550a || arg1 == 0x8004551a || arg1 == 0x4004550d || arg1 == 0x8004550f || arg1 == 0x80045510 || arg1 == 0x550b
+fstat: 1
+sigaltstack: 1
+recvmsg: 1
+getrandom: 1
+getdents: 1
diff --git a/seccomp/x86_64/xhci.policy b/seccomp/x86_64/xhci.policy
new file mode 100644
index 0000000..0f133d9
--- /dev/null
+++ b/seccomp/x86_64/xhci.policy
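Review bot: `openat: 1` is allowed unconditionally ahead of the `@include` in the arm policy, and unlike the x86_64 hunk this file gives no reason for it. With no argument filter, what the device process can open is bounded only by its filesystem view, so that dependency is worth recording, e.g. `# xhci needs openat to enumerate USB devices; path confinement presumably relies on the device's mount namespace, not on this filter.` The same breadth applies to `socket: arg0 == AF_NETLINK` here and in the x86_64 hunk: only the family is checked, so if the device needs a single netlink protocol (presumably uevents for hotplug), an added `arg2` comparison would narrow it. `getrandom: 1` is listed twice in this hunk and `timerfd_create: 1` twice in the x86_64 one; dropping the repeats avoids depending on how the policy compiler treats a redefined syscall.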
@@ -0,0 +1,38 @@
+# Copyright 2018 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# xhci need "openat" to enumerate device. "openat" is disabled in comman_device policy.
+openat: 1
+@include /usr/share/policy/crosvm/common_device.policy
+
+lstat: 1
+gettid: 1
+readlinkat: 1
+timerfd_create: 1
+name_to_handle_at: 1
+access: 1
+timerfd_create: 1
+getsockname: 1
+pipe: 1
+setsockopt: 1
+bind: 1
+fcntl: 1
+socket: arg0 == AF_NETLINK
+stat: 1
+uname: 1
+# The following ioctls are:
+# 0x4008550d == USBDEVFS_REAPURBNDELAY
+# 0x41045508 == USBDEVFS_GETDRIVER
+# 0x550b == USBDEVFS_DISCARDURB
+# 0x8004550f == USBDEVFS_CLAIMINTERFACE
+# 0x80045510 == USBDEVFS_RELEASEINTERFACE
+# 0x8004551a == USBDEVFS_GET_CAPABILITIES
+# 0x8038550a == USBDEVFS_SUBMITURB
+# 0xc0185500 == USBDEVFS_CONTROL
+ioctl: arg1 == 0xc0185500 || arg1 == 0x41045508 || arg1 == 0x8004550f || arg1 == 0x4008550d || arg1 == 0x8004551a || arg1 == 0x550b || arg1 == 0x80045510 || arg1 == 0x8038550a
+fstat: 1
+sigaltstack: 1
+recvmsg: 1
+getrandom: 1
+getdents: 1 |
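Review bot: The `ioctl` allowlist here admits `0x41045508` (USBDEVFS_GETDRIVER) while the arm policy added in the same commit does not, so one of the two lists is probably wrong. Either the arm device process will be stopped by the filter when the code issues that ioctl, or x86_64 allows a request the device does not need. As far as I know the argument struct has no pointer-sized members, so the arm number would presumably be the same, `arg1 == 0x41045508`; confirm against the kernel headers before adding it. The comment above `openat` has typos and would read better as `# xhci needs "openat" to enumerate devices. "openat" is disabled in the common_device policy.`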