tree-wide: seccomp: allow clock_nanosleep syscalls

Starting with 2.32, glibc nanosleep() was refactored to use the
clock_nanosleep syscall, so various software will fail unless
the new syscall is allowed. We can't just drop the old nanosleep
syscall because it will break glibc 2.27, which is still used.

See glibc commits:
807edded25 nptl: Refactor thrd_sleep in terms of clock_nanosleep
3537ecb49c Refactor nanosleep in terms of clock_nanosleep
79a547b162 nptl: Move nanosleep implementation to libc

This is a bulk edit done with the following command:
git grep -rl 'nanosleep: 1' | xargs sed -i \
                           '/^nanosleep: 1/a clock_nanosleep: 1'

BUG=chromium:1171287
TEST=Local builds and booting on kevin/64/eve/minnie.

Change-Id: I975535078d88200f52319c7eea3a4c7ebf299933
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2735575
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Adrian Ratiu 2021-03-04 15:29:55 +02:00 committed by Commit Bot
parent 3c6367b98c
commit f19933bfb0
12 changed files with 9 additions and 3 deletions

@ -25,6 +25,7 @@ mprotect: arg2 in ~PROT_EXEC
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
ppoll: 1
prctl: arg0 == PR_SET_NAME
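
Review bot: the new clock_nanosleep: 1 entry lands between nanosleep: 1 and pipe2: 1, which breaks the alphabetical order the rest of this list follows (mprotect, mremap, munmap, nanosleep, pipe2, ppoll). The placement is a side effect of the sed append given in the commit message. Consider moving the entry to its sorted position among the c entries so a later audit of the allowlist finds it where expected, or state in the commit message that sort order was not preserved.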

@ -23,6 +23,7 @@ madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
ppoll: 1
prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME
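
Review bot: nanosleep: 1 stays next to the new clock_nanosleep: 1 with nothing in the policy file saying why both rules are needed. The reason (glibc 2.27 still calls nanosleep, 2.32 calls clock_nanosleep) is recorded only in the commit message. A one-line # comment above the pair would tell whoever trims this allowlist later that nanosleep can be dropped once glibc 2.27 is no longer in use.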

@ -25,6 +25,7 @@ mprotect: arg2 in ~PROT_EXEC
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
ppoll: 1
prctl: arg0 == PR_SET_NAME

@ -5,7 +5,6 @@
@include /usr/share/policy/crosvm/common_device.policy
clock_gettime: 1
clock_nanosleep: 1
lseek: 1
openat: return ENOENT
prlimit64: 1
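
Review bot: the header here (-5,7 +5,6) records a net removal of one line, but the commit message describes the change only as a sed append of clock_nanosleep: 1 after nanosleep: 1, which cannot delete anything. If the line dropped is this file's own clock_nanosleep: 1, made redundant because the @include of common_device.policy now supplies it, say so in the commit message so the 3 deletions in the summary are not mistaken for a lost rule.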

@ -26,6 +26,7 @@ mprotect: arg2 in ~PROT_EXEC
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
poll: 1
ppoll: 1

@ -23,6 +23,7 @@ madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
poll: 1
ppoll: 1

@ -25,6 +25,7 @@ mprotect: arg2 in ~PROT_EXEC
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
poll: 1
ppoll: 1

@ -5,7 +5,6 @@
@include /usr/share/policy/crosvm/common_device.policy
clock_gettime: 1
clock_nanosleep: 1
lseek: 1
open: return ENOENT
openat: return ENOENT

@ -27,6 +27,7 @@ mprotect: arg2 in ~PROT_EXEC
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
poll: 1
ppoll: 1

@ -25,6 +25,7 @@ madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
poll: 1
ppoll: 1

@ -25,6 +25,7 @@ mprotect: arg2 in ~PROT_EXEC
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
poll: 1
ppoll: 1

@ -5,7 +5,6 @@
@include /usr/share/policy/crosvm/common_device.policy
clock_gettime: 1
clock_nanosleep: 1
lseek: 1
open: return ENOENT
openat: return ENOENT