mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2025-02-06 10:32:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
2862 commits 607 branches 2 tags 236 MiB
Commit graph

5 commits

Author SHA1 Message Date
Dennis Kempin
b1751f360e seccomp: Allow lseek on cras_audio_device 
The syscall is used for the file backed memory region used
by the audio device since https://crrev.com/c/3159883

BUG=b:208264646
TEST=CQ

Change-Id: I02c24da6389d60847996a62ee0eab658f9c4f7cf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3307240
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Tested-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
 2021-11-29 23:28:45 +00:00
Chih-Yang Hsia
4dd683a354 ac97: Add timerfd operations to accepted list 
Since CL:2999451, libcras is using timerfd features from `cros_async`,
we need to add timerfd operations to the accepted list of
`cras_audio_device`'s seccomp policy files.

BUG=b:179757101
BUG=b:194452080
TEST=tast run ${DUT_IP} arc.Notification.vm

Change-Id: I74b33fa1e304fccc95b7326e04bedc32feff85f1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3047951
Auto-Submit: Chih-Yang Hsia <paulhsia@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
 2021-07-23 18:43:21 +00:00
Jorge E. Moreira
c8cff01c36 Specify prctl's policy only once per device 
The libminijail version in AOSP complains when there are multiple entries for
the same system call, which was the case for virtio-fs's policy.

BUG=b/185811304

Change-Id: I389c07c86e7d79f16e4f47a893abad598033352a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2837307
Commit-Queue: Jorge Moreira Broche <jemoreira@google.com>
Tested-by: Jorge Moreira Broche <jemoreira@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
 2021-04-20 22:50:20 +00:00
Matt Delco
8488a0bbbb seccomp: remove redundant unconditional arm/arm64 rules 
Minijail's policy compiler complains when there's multiple
unconditional rules for a syscall.  In most cases the rules
are redundant to common_device.policy.

BUG=None
TEST=Ran compile_seccomp_policy.py until it stopped
complaining.

Change-Id: Ic43d1fd13f9c012641d71e526942229eb8b08ed4
Signed-off-by: Matt Delco <delco@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2034024
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
 2020-02-04 23:27:21 +00:00
Stephen Boyd
cef1079c20 seccomp: Add initial arm64 seccomp filters 
BUG=chromium:1029666
TEST=tast run crostini.LaunchTerminal.download_buster

Change-Id: I8fa7dc9df4d5f0144aed80fcd60307036fc7e16d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1946765
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Stephen Barber <smbarber@chromium.org>
Commit-Queue: Stephen Barber <smbarber@chromium.org>
 2019-12-06 19:06:34 +00:00