From 7951f16b87eb785248ca57ad24c15c96baf1fb23 Mon Sep 17 00:00:00 2001
From: Sonny Rao
Date: Thu, 5 Apr 2018 16:25:34 -0700
Subject: crosvm: aarch64: add seccomp policy for wl_wayland
Add a seccomp policy for virtio wayland devices on aarch64.
BUG=chromium:797868
TEST=./build_test passes on all architectures
TEST=crosvm runs on kevin built with USE="kvm_host" with a wayland socket passed in
Change-Id: I89e9904b48598d78be0721ba8b3242d1b43f7aa3
Reviewed-on: https://chromium-review.googlesource.com/999169
Commit-Ready: Sonny Rao
Tested-by: Sonny Rao
Reviewed-by: Zach Reizner
---
seccomp/aarch64/wl_device.policy | 46 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 seccomp/aarch64/wl_device.policy
(limited to 'seccomp')
diff --git a/seccomp/aarch64/wl_device.policy b/seccomp/aarch64/wl_device.policy
new file mode 100644
index 0000000..f7af076
--- /dev/null
+++ b/seccomp/aarch64/wl_device.policy
@@ -0,0 +1,46 @@
+# Copyright 2018 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+close: 1
+dup: 1
+dup2: 1
+getpid: 1
+exit_group: 1
+futex: 1
+# Disallow mmap with PROT_EXEC set. The syntax here doesn't allow bit
+# negation, thus the manually negated mask constant.
+mmap2: arg2 in 0xfffffffb
+mprotect: arg2 in 0xfffffffb
+# Allow MADV_DONTDUMP only.
+madvise: arg2 == 0x00000010
+munmap: 1
+poll: 1
+ppoll: 1
+read: 1
+recv: 1
+sched_getaffinity: 1
+set_robust_list: 1
+sigaltstack: 1
+# Disallow clone's other than new threads.
+# arg0 is flags. Because kernel.
+clone: arg0 & 0x00010000
+write: 1
+eventfd2: 1
+# Used to connect to wayland. arg0 == AF_UNIX && arg1 == SOCK_STREAM|SOCK_CLOEXEC
+socket: arg0 == 1 && arg1 == 0x80001 && arg2 == 0
+# arg1 == FIONBIO
+ioctl: arg1 == 0x5421
+connect: arg2 == 13
+# Used to communicate with wayland
+recvmsg: 1
+sendmsg: 1
+# Used for sharing memory with wayland. arg1 == MFD_CLOEXEC|MFD_ALLOW_SEALING
+memfd_create: arg1 == 3
+# Used to set of size new memfd
+ftruncate: 1
+# Used to determine shm size after recvmsg with fd
+_llseek: 1
+# Allow PR_SET_NAME only.
+prctl: arg0 == 15
+restart_syscall: 1
-- cgit 1.4.1
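Review bot: `connect: arg2 == 13` is the only argument-filtered rule in this policy without a comment, and the only thing it checks is the address length, so it depends on the exact length of the socket path the device connects to. A line above it such as `# arg2 is addrlen; 13 is presumably the sockaddr_un length for the wayland socket path inside the jail` (derivation to be confirmed by the author) would explain why a change to that path gets the process killed. It would also make clear that the rule does not itself restrict which socket is reached; that confinement comes from the `socket` rule and the jail's filesystem view. Separately, the file sits under seccomp/aarch64 but uses names from the 32-bit ARM syscall table (`mmap2`, `_llseek`, `recv`, `dup2`, `poll`), so a header comment saying it targets a 32-bit userland on an aarch64 kernel, if that is the intent, would help. Without it, a native 64-bit build, which would issue `mmap` and `lseek` instead, could inherit a PROT_EXEC restriction that no longer covers the calls actually made.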