From e51529fa92a1c0a004de25052f6980a0871caa7c Mon Sep 17 00:00:00 2001
From: Chia-I Wu <olv@google.com>
Date: Fri, 18 Nov 2022 12:01:49 -0800
Subject: [PATCH] seccomp: allow process_vm_readv to video_device on aarch64

libvda uses libmojo which uses libbase-core.so from libchrome.

After a recent change, libase-core.so's EarlyFeatureAccessTracker tracks
early accesses to features and saves the stacks of the callers using
libunwind.  On aarch64, libunwind can use process_vm_readv.

BUG=b:259631550
TEST=autologin.py -a on trogdor

Change-Id: I40b432eea72993a8a000b5aadf856a376f954835
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4034854
Commit-Queue: Chia-I Wu <olv@google.com>
Auto-Submit: Chia-I Wu <olv@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
---
 seccomp/aarch64/video_device.policy | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/seccomp/aarch64/video_device.policy b/seccomp/aarch64/video_device.policy
index b1cd52f325..11e7382a2e 100644
--- a/seccomp/aarch64/video_device.policy
+++ b/seccomp/aarch64/video_device.policy
@@ -19,3 +19,5 @@ openat: 1
 setpriority: 1
 socket: arg0 == AF_UNIX
 prctl: arg0 == PR_SET_NAME
+# for libmojo used by libvda
+process_vm_readv: 1