diff options
| author | Manoj Gupta <manojgupta@google.com> | 2018-09-01 09:00:24 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-09-02 02:13:50 -0700 |
| commit | c84149a9cd4aafa998a97738fe5af32fb90f353a (patch) | |
| tree | a0ae0aa2f32cc3e4e4217550ebdb9cee834386d8 /seccomp | |
| parent | 400399da40785d27b86863f81d14d296ebe993dc (diff) | |
| download | adhd-c84149a9cd4aafa998a97738fe5af32fb90f353a.tar.gz | |
adhd: Add an arm64 seccomp policy.
Use arm policy as the base but rename 32-bit versions by 64-bit
ones.
BUG=chromium:878565
TEST=emerge-kevin64 adhd
Change-Id: I8a7b116b8a16c5a3bd5fa0a4120bcb5158994205
Reviewed-on: https://chromium-review.googlesource.com/1200902
Commit-Ready: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Diffstat (limited to 'seccomp')
| -rw-r--r-- | seccomp/cras-seccomp-arm64.policy | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/seccomp/cras-seccomp-arm64.policy b/seccomp/cras-seccomp-arm64.policy new file mode 100644 index 00000000..0b499622 --- /dev/null +++ b/seccomp/cras-seccomp-arm64.policy @@ -0,0 +1,87 @@ +# Copyright 2018 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +clock_gettime: 1 +poll: 1 +read: 1 +ppoll: 1 +write: 1 +recv: 1 +send: 1 +recvmsg: 1 +lstat64: 1 +fstat64: 1 +open: 1 +close: 1 +fcntl64: 1 +readlinkat: 1 +sendmsg: 1 +access: 1 +getrandom: 1 +mmap2: 1 +epoll_wait: 1 +getsockopt: 1 +accept: 1 +stat64: 1 +mprotect: 1 +gettimeofday: 1 +getdents64: 1 +brk: 1 +statfs: 1 +readlink: 1 +munmap: 1 +rt_sigaction: 1 +lgetxattr: 1 +unlink: 1 +lsetxattr: 1 +rt_sigprocmask: 1 +ftruncate: 1 +futex: 1 +execve: 1 +set_robust_list: 1 +socket: arg0 == AF_UNIX || arg0 == AF_BLUETOOTH || arg0 == AF_NETLINK +clone: 1 +setsockopt: 1 +geteuid: 1 +ugetrlimit: 1 +uname: 1 +connect: 1 +bind: 1 +_llseek: 1 +getuid: 1 +getgid: 1 +getegid: 1 +pipe: 1 +flock: 1 +set_tid_address: 1 +exit_group: 1 +getsockname: 1 +getdents: 1 +nanosleep: 1 +epoll_ctl: 1 +sched_setscheduler: 1 +restart_syscall: 1 +rt_sigreturn: 1 +getresuid: 1 +exit: 1 +prctl: arg0 == PR_SET_NAME +clock_getres: 1 +epoll_create1: 1 +fchmod: 1 +setrlimit: 1 +listen: 1 +gettid: 1 +sched_get_priority_min: 1 +chmod: 1 +madvise: 1 +getresgid: 1 +pipe2: 1 +sched_get_priority_max: 1 +sysinfo: 1 +flock: 1 + +# Allow ioctl command of type 'A' and 'U' for SNDRV_PCM_IOCTL_* and +# SNDRV_CTL_IOCTL_*, and EVIOCGSW(8), EVIOCGNAME(256), EVIOCGBIT(0x05, 8), +# HCIGETDEVINFO +ioctl: arg1 in 0xffff41ff && arg1 & 0x00004100 || arg1 in 0xffff55ff && arg1 & 0x00005500 || arg1 == 0x8008451b || arg1 == 0x81004506 || arg1 == 0x80084525 || arg1 == 0x800448d3 |