From 2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b Mon Sep 17 00:00:00 2001
From: Zach Reizner
Date: Fri, 26 Jul 2019 13:24:35 -0700
Subject: [PATCH] seccomp: add sendto, writev, and readv to common seccomp policies

Using syslog from glibc will use some syscalls we haven't seen before, leading to the process getting killed. This change fixes that.

TEST=use syslog from C
BUG=chromium:988082

Change-Id: I4cfb317a8faf70188995487f4fa844229683d6d1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1721616
Reviewed-by: Daniel Verkamp
Commit-Queue: Zach Reizner
Tested-by: Zach Reizner
Tested-by: kokoro
---
 seccomp/arm/common_device.policy | 3 +++
 seccomp/x86_64/common_device.policy | 3 +++
 seccomp/x86_64/gpu_device.policy | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/seccomp/arm/common_device.policy b/seccomp/arm/common_device.policy
index d2b5a6b3cd..7340145918 100644
--- a/seccomp/arm/common_device.policy
+++ b/seccomp/arm/common_device.policy
@@ -30,6 +30,7 @@ poll: 1
 ppoll: 1
 prctl: arg0 == PR_SET_NAME
 read: 1
+readv: 1
 recv: 1
 recvfrom: 1
 recvmsg: 1
@@ -39,6 +40,8 @@ rt_sigprocmask: 1
 rt_sigreturn: 1
 sched_getaffinity: 1
 sendmsg: 1
+sendto: 1
 set_robust_list: 1
 sigaltstack: 1
 write: 1
+writev: 1
diff --git a/seccomp/x86_64/common_device.policy b/seccomp/x86_64/common_device.policy
index 2379b958dd..81ebb18fcb 100644
--- a/seccomp/x86_64/common_device.policy
+++ b/seccomp/x86_64/common_device.policy
@@ -30,6 +30,7 @@ poll: 1
 ppoll: 1
 prctl: arg0 == PR_SET_NAME
 read: 1
+readv: 1
 recvfrom: 1
 recvmsg: 1
 restart_syscall: 1
@@ -38,6 +39,8 @@ rt_sigprocmask: 1
 rt_sigreturn: 1
 sched_getaffinity: 1
 sendmsg: 1
+sendto: 1
 set_robust_list: 1
 sigaltstack: 1
 write: 1
+writev: 1
diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy
index b6caa82cf0..ac7292dfbb 100644
--- a/seccomp/x86_64/gpu_device.policy
+++ b/seccomp/x86_64/gpu_device.policy
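Review bot: The new allowlist entries carry no comment saying why they are permitted, starting with `readv: 1` in the first arm hunk and continuing with `sendto`/`writev` in the second arm hunk and the same three lines in both x86_64 policies. A later audit of these seccomp policies would have only the commit log to tell it the entries exist for glibc's syslog path. The files accept `#` comments, as the `# Rules specific to gpu` line in gpu_device.policy shows, so a line such as `# readv, sendto, writev: used by glibc syslog (chromium:988082)` next to the entries would record the reason where the rule lives. The policy file starts and ends outside the hunk.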
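Review bot: The second arm hunk allows `sendto`, but its context shows `sched_getaffinity: 1` followed directly by `sendmsg: 1`, so the arm policy has no `send` entry even though it lists `recv` separately from `recvfrom`. If glibc's send() on 32-bit ARM issues the `send` syscall rather than `sendto` (the separate `recv` entry suggests it may, but I have not confirmed this), a syslog call would still get the process killed on arm. The TEST= line does not say which architecture was exercised, so it is worth running the syslog test on an arm build and adding `send: 1` before `sendmsg: 1` if the kill reproduces.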
@@ -28,6 +28,7 @@ poll: 1
 ppoll: 1
 prctl: arg0 == PR_SET_NAME
 read: 1
+readv: 1
 recvfrom: 1
 recvmsg: 1
 restart_syscall: 1
@@ -36,9 +37,11 @@ rt_sigprocmask: 1
 rt_sigreturn: 1
 sched_getaffinity: 1
 sendmsg: 1
+sendto: 1
 set_robust_list: 1
 sigaltstack: 1
 write: 1
+writev: 1
 
 # Rules specific to gpu
 connect: 1
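Review bot: `sendto: 1` in the second hunk of gpu_device.policy is wider than the syslog case in the commit message appears to need, and this is the one policy in the patch whose visible lines also allow `connect: 1`. As far as I know glibc's send() on x86_64 passes no destination address to sendto, so `sendto: arg4 == 0 && arg5 == 0` would cover it, written in the same style as the existing `prctl: arg0 == PR_SET_NAME` rule. The gain is limited while `sendmsg: 1` stays unconditional, so this is a least-privilege tightening to weigh rather than a blocker; the same `sendto` line in x86_64/common_device.policy could take the same filter. The policy file continues past the end of the hunk.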