diff options
Diffstat (limited to 'tests/plugin.policy')
| -rw-r--r-- | tests/plugin.policy | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/tests/plugin.policy b/tests/plugin.policy new file mode 100644 index 0000000..960c8e5 --- /dev/null +++ b/tests/plugin.policy @@ -0,0 +1,47 @@ +# Copyright 2017 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +close: 1 +dup: 1 +dup2: 1 +execve: 1 +exit_group: 1 +futex: 1 +lseek: 1 +mprotect: 1 +munmap: 1 +read: 1 +recvfrom: 1 +sched_getaffinity: 1 +set_robust_list: 1 +sigaltstack: 1 +# Disallow clone's other than new threads. +clone: arg0 & 0x00010000 +write: 1 +eventfd2: 1 +poll: 1 +getpid: 1 +# Allow PR_SET_NAME only. +prctl: arg0 == 15 +access: 1 +arch_prctl: 1 +brk: 1 +exit: 1 +fcntl: 1 +fstat: 1 +ftruncate: 1 +getcwd: 1 +getrlimit: 1 +madvise: 1 +memfd_create: 1 +mmap: 1 +open: 1 +recvmsg: 1 +restart_syscall: 1 +rt_sigaction: 1 +rt_sigprocmask: 1 +sendmsg: 1 +set_tid_address: 1 +stat: 1 +writev: 1 |