From acc0f2006242916a8a3246cd53ebe14347f3feca Mon Sep 17 00:00:00 2001
From: Allen Webb <allenwebb@google.com>
Date: Mon, 10 Oct 2022 19:11:41 +0000
Subject: [PATCH] tests: Filter args2 in plugin.policy.

We don't want mprotect or mmap being called with write and execute at
the same time. This policy is for a test, but still filter the arguments
incase this policy is used as a starting point elsewhere.

BUG=b:172212144
TEST=Kokoro passes

Change-Id: I8be82a9af7e404a4eb17f5b2fbb1e6269447de11
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3942708
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Allen Webb <allenwebb@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
---
 tests/plugin.policy | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/plugin.policy b/tests/plugin.policy
index f9a3528df3..8ede3cc073 100644
--- a/tests/plugin.policy
+++ b/tests/plugin.policy
@@ -10,7 +10,7 @@ exit_group: 1
 futex: 1
 kill: 1
 lseek: 1
-mprotect: 1
+mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
 munmap: 1
 read: 1
 recvfrom: 1
@@ -39,7 +39,7 @@ getrlimit: 1
 ioctl: arg1 == 0x800454CF
 madvise: 1
 memfd_create: 1
-mmap: 1
+mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
 open: 1
 openat: 1
 prlimit64: arg2 == 0 && arg3 != 0