From c84149a9cd4aafa998a97738fe5af32fb90f353a Mon Sep 17 00:00:00 2001 From: Manoj Gupta Date: Sat, 1 Sep 2018 09:00:24 -0700 Subject: adhd: Add an arm64 seccomp policy. Use arm policy as the base but rename 32-bit versions by 64-bit ones. BUG=chromium:878565 TEST=emerge-kevin64 adhd Change-Id: I8a7b116b8a16c5a3bd5fa0a4120bcb5158994205 Reviewed-on: https://chromium-review.googlesource.com/1200902 Commit-Ready: Manoj Gupta Tested-by: Manoj Gupta Reviewed-by: Mike Frysinger --- seccomp/cras-seccomp-arm64.policy | 87 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 seccomp/cras-seccomp-arm64.policy (limited to 'seccomp') diff --git a/seccomp/cras-seccomp-arm64.policy b/seccomp/cras-seccomp-arm64.policy new file mode 100644 index 00000000..0b499622 --- /dev/null +++ b/seccomp/cras-seccomp-arm64.policy @@ -0,0 +1,87 @@ +# Copyright 2018 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +clock_gettime: 1 +poll: 1 +read: 1 +ppoll: 1 +write: 1 +recv: 1 +send: 1 +recvmsg: 1 +lstat64: 1 +fstat64: 1 +open: 1 +close: 1 +fcntl64: 1 +readlinkat: 1 +sendmsg: 1 +access: 1 +getrandom: 1 +mmap2: 1 +epoll_wait: 1 +getsockopt: 1 +accept: 1 +stat64: 1 +mprotect: 1 +gettimeofday: 1 +getdents64: 1 +brk: 1 +statfs: 1 +readlink: 1 +munmap: 1 +rt_sigaction: 1 +lgetxattr: 1 +unlink: 1 +lsetxattr: 1 +rt_sigprocmask: 1 +ftruncate: 1 +futex: 1 +execve: 1 +set_robust_list: 1 +socket: arg0 == AF_UNIX || arg0 == AF_BLUETOOTH || arg0 == AF_NETLINK +clone: 1 +setsockopt: 1 +geteuid: 1 +ugetrlimit: 1 +uname: 1 +connect: 1 +bind: 1 +_llseek: 1 +getuid: 1 +getgid: 1 +getegid: 1 +pipe: 1 +flock: 1 +set_tid_address: 1 +exit_group: 1 +getsockname: 1 +getdents: 1 +nanosleep: 1 +epoll_ctl: 1 +sched_setscheduler: 1 +restart_syscall: 1 +rt_sigreturn: 1 +getresuid: 1 +exit: 1 +prctl: arg0 == PR_SET_NAME +clock_getres: 1 +epoll_create1: 1 +fchmod: 1 +setrlimit: 1 +listen: 1 +gettid: 1 +sched_get_priority_min: 1 +chmod: 1 +madvise: 1 +getresgid: 1 +pipe2: 1 +sched_get_priority_max: 1 +sysinfo: 1 +flock: 1 + +# Allow ioctl command of type 'A' and 'U' for SNDRV_PCM_IOCTL_* and +# SNDRV_CTL_IOCTL_*, and EVIOCGSW(8), EVIOCGNAME(256), EVIOCGBIT(0x05, 8), +# HCIGETDEVINFO +ioctl: arg1 in 0xffff41ff && arg1 & 0x00004100 || arg1 in 0xffff55ff && arg1 & 0x00005500 || arg1 == 0x8008451b || arg1 == 0x81004506 || arg1 == 0x80084525 || arg1 == 0x800448d3 -- cgit v1.2.3