From 8488a0bbbb5828eb0cea77f4081ceecec0119707 Mon Sep 17 00:00:00 2001
From: Matt Delco <delco@chromium.org>
Date: Fri, 31 Jan 2020 17:29:45 -0800
Subject: seccomp: remove redundant unconditional arm/arm64 rules

Minijail's policy compiler complains when there's multiple
unconditional rules for a syscall.  In most cases the rules
are redundant to common_device.policy.

BUG=None
TEST=Ran compile_seccomp_policy.py until it stopped
complaining.

Change-Id: Ic43d1fd13f9c012641d71e526942229eb8b08ed4
Signed-off-by: Matt Delco <delco@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2034024
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
---
 seccomp/aarch64/vhost_vsock_device.policy | 1 +
 1 file changed, 1 insertion(+)

(limited to 'seccomp/aarch64/vhost_vsock_device.policy')

diff --git a/seccomp/aarch64/vhost_vsock_device.policy b/seccomp/aarch64/vhost_vsock_device.policy
index 9cdc57f..82b6650 100644
--- a/seccomp/aarch64/vhost_vsock_device.policy
+++ b/seccomp/aarch64/vhost_vsock_device.policy
@@ -22,3 +22,4 @@
 # arg1 == VHOST_VSOCK_SET_GUEST_CID ||
 # arg1 == VHOST_VSOCK_SET_RUNNING
 ioctl: arg1 == 0x8008af00 || arg1 == 0x4008af00 || arg1 == 0x0000af01 || arg1 == 0x0000af02 || arg1 == 0x4008af03 || arg1 == 0x4008af04 || arg1 == 0x4004af07 || arg1 == 0x4008af10 || arg1 == 0x4028af11 || arg1 == 0x4008af12 || arg1 == 0xc008af12 || arg1 == 0x4008af20 || arg1 == 0x4008af21 || arg1 == 0x4008af22 || arg1 == 0x4008af60 || arg1 == 0x4004af61
+openat: return ENOENT
-- 
cgit 1.4.1