From d39dd9af7172a4d7fdafaa37fa8569e02e0de556 Mon Sep 17 00:00:00 2001
From: Daniel Verkamp <dverkamp@chromium.org>
Date: Thu, 7 Feb 2019 09:51:01 -0800
Subject: seccomp: add mremap to arm common_device.policy

The glibc realloc() implementation may call the mremap syscall in some
cases; we currently allow mremap in x86_64/common_device.policy but not
the arm equivalent, but this path appears to be reachable on any Linux
platform[1].  Add mremap to the arm policy as well for consistency.

mremap is no more powerful than the existing mmap and munmap syscalls,
so I believe this is safe to allow for all device processes.

Also reorder the mmap2 line in the arm policy so it is in alphabetical
order and can be more easily compared to the x86_64 policy.

BUG=chromium:927919
TEST=Boot crosvm on kevin

[1]: https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=6e766d11bc85b6480fa5c9f2a76559f8acf9deb5;hb=HEAD#l2854

Change-Id: Ie51a21baf30d3e37ce3adacf8e255f981613543d
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1459020
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
---
 seccomp/arm/common_device.policy | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'seccomp')

diff --git a/seccomp/arm/common_device.policy b/seccomp/arm/common_device.policy
index 25db5af..9ccf48b 100644
--- a/seccomp/arm/common_device.policy
+++ b/seccomp/arm/common_device.policy
@@ -17,9 +17,10 @@ futex: 1
 getpid: 1
 gettimeofday: 1
 kill: 1
-mmap2: arg2 in ~PROT_EXEC
 madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
+mmap2: arg2 in ~PROT_EXEC
 mprotect: arg2 in ~PROT_EXEC
+mremap: 1
 munmap: 1
 nanosleep: 1
 open: return ENOENT
-- 
cgit 1.4.1