seccomp: Move prctl in gpu_common to gpu-specific section

The top part of gpu_common.policy is supposed to match common_device.policy, but "prctl" is in this top part and isn't in common_device.policy. A bit of history: * prctl used to be in the common_device.policy but was removed in <https://crrev.com/c/2837307>. * Even when prctl was in common_device.policy, it had different arguments than what we allow in gpu_common.policy. This is a no-op cleanup change. BUG=None TEST=None Change-Id: Ic71c9da3ef9eb24665711d2000416ff9c87d49a1 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3631410 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Commit-Queue: Douglas Anderson <dianders@chromium.org>
2025-02-05 18:20:34 +00:00 · 2022-05-06 13:32:25 -07:00 · 2022-05-06 13:32:25 -07:00 · 0508572d3c
commit 0508572d3c
parent b744af775c
3 changed files with 3 additions and 3 deletions
--- a/seccomp/aarch64/gpu_common.policy
+++ b/seccomp/aarch64/gpu_common.policy
@ -28,7 +28,6 @@ nanosleep: 1
 clock_nanosleep: 1
 pipe2: 1
 ppoll: 1
-prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME
 read: 1
 readlinkat: 1
 readv: 1
@ -63,6 +62,7 @@ newfstatat: 1
 getdents64: 1
 sysinfo: 1
 fstatfs: 1
+prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME

 # 0x6400 == DRM_IOCTL_BASE, 0x8000 = KBASE_IOCTL_TYPE (mali), 0x40086200 = DMA_BUF_IOCTL_SYNC, 0x40087543 == UDMABUF_CREATE_LIST
 ioctl: arg1 & 0x6400 || arg1 & 0x8000 || arg1 == 0x40086200 || arg1 == 0x40087543
--- a/seccomp/arm/gpu_common.policy
+++ b/seccomp/arm/gpu_common.policy
@ -31,7 +31,6 @@ pipe2: 1
 poll: 1
 ppoll: 1
 ppoll_time64: 1
-prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME
 read: 1
 readlink: 1
 readlinkat: 1
@ -72,6 +71,7 @@ getdents64: 1
 sysinfo: 1
 fstatfs: 1
 fstatfs64: 1
+prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME

 # 0x6400 == DRM_IOCTL_BASE, 0x8000 = KBASE_IOCTL_TYPE (mali), 0x40086200 = DMA_BUF_IOCTL_SYNC, 0x40087543 == UDMABUF_CREATE_LIST
 ioctl: arg1 & 0x6400 || arg1 & 0x8000 || arg1 == 0x40086200 || arg1 == 0x40087543
--- a/seccomp/x86_64/gpu_common.policy
+++ b/seccomp/x86_64/gpu_common.policy
@ -29,7 +29,6 @@ clock_nanosleep: 1
 pipe2: 1
 poll: 1
 ppoll: 1
-prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME
 read: 1
 readlink: 1
 readlinkat: 1
@ -79,6 +78,7 @@ stat: 1
 statx: 1
 sysinfo: 1
 fstatfs: 1
+prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME

 # Required for perfetto tracing
 # fcntl: arg1 == F_SETFD || arg1 == F_GETFL || arg1 == F_SETFL (merged above)