This USB ioctl is used in usb_util::Device::clear_halt(), but it was not
allowed in the seccomp policy.
BUG=chromium:1167286
TEST=Attach Keyspan USA-19H USB serial adapter to Crostini
Change-Id: I625cde121a0a248046e476eecd732a98530811dc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2633824
Reviewed-by: Matthew Blecker <matthewb@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Matthew Blecker <matthewb@chromium.org>
Commit-Queue: Matthew Blecker <matthewb@chromium.org>

Minijail's policy compiler complains when there are multiple
unconditional rules for a syscall. In most cases the rules
are redundant to common_device.policy. I don't know what
to do about the intentionally contradictory rules for open
and openat, other than to remove them from the common device
policy and add it to all the others.
BUG=None
TEST=Ran compile_seccomp_policy.py until it stopped
complaining.
Change-Id: I6813dd1e0b39e975415662bd7de74c25a1be9eb3
Signed-off-by: Matt Delco <delco@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1918607
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

The gettid syscall is used in some corners of glibc and it is a fairly
harmless syscall (we already give getpid), so this change moves it to
the common policy.
TEST=None
BUG=chromium:996938
Change-Id: I129644273f2f02fe917255c7157c48b99c329045
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1952565
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Auto-Submit: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Zach Reizner <zachr@chromium.org>

The layout of struct usbfs_conninfo_ex was changed in the final revision
of the patch, so the corresponding ioctl number needs to change to
match, since the parameter size is encoded in the ioctl.
The new size is 0x18 or 24, which matches the struct usbfs_conninfo_ex
layout with 7 ports.
BUG=chromium:977020
TEST=Attach Android device to Linux VM on nami
Change-Id: Iec60b4c04880d7d2c71fdea49cfdf7fb5a75f5c6
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1669530
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Commit-Queue: Dmitry Torokhov <dtor@chromium.org>
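
Added example, not part of the crosvm change or its commit message: how the parameter size ends up inside the ioctl request number, and why a seccomp rule that compares the request for equality stops matching when the struct layout changes. The struct fields and the `_IOC(_IOC_READ, 'U', 32, len)` definition are taken from the Linux uapi header as an assumption (they are not on this page); the bit layout is the generic one used on x86 and ARM, and the second length in `main` is a hypothetical other layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Generic Linux _IOC layout: nr[0:7] type[8:15] size[16:29] dir[30:31]. */
#define IOC_NRSHIFT   0
#define IOC_TYPESHIFT 8
#define IOC_SIZESHIFT 16
#define IOC_DIRSHIFT  30
#define IOC_SIZEMASK  0x3fffu
#define IOC_READ      2u

/* Mirrors struct usbdevfs_conninfo_ex with 7 ports
 * (assumption: field list from the kernel uapi header, not from this page). */
struct conninfo_ex {
    uint32_t size, busnum, devnum, speed;
    uint8_t  num_ports;
    uint8_t  ports[7];
};

/* Request number for USBDEVFS_CONNINFO_EX(len): _IOC(_IOC_READ, 'U', 32, len). */
static uint32_t conninfo_ex_request(uint32_t len)
{
    return (IOC_READ << IOC_DIRSHIFT) | ((len & IOC_SIZEMASK) << IOC_SIZESHIFT) |
           ((uint32_t)'U' << IOC_TYPESHIFT) | (32u << IOC_NRSHIFT);
}

/* Recover the encoded parameter size from a request number. */
static uint32_t ioc_size(uint32_t request)
{
    return (request >> IOC_SIZESHIFT) & IOC_SIZEMASK;
}

/* Equality comparison, as in a seccomp rule of the form "arg1 == <constant>". */
static int policy_allows(uint32_t allowed, uint32_t request)
{
    return allowed == request;
}

int main(void)
{
    uint32_t len = (uint32_t)sizeof(struct conninfo_ex);
    uint32_t req = conninfo_ex_request(len);
    uint32_t stale = conninfo_ex_request(len + 4); /* hypothetical other layout */

    printf("sizeof=%u request=0x%08x encoded size=0x%x\n", len, req, ioc_size(req));
    printf("constant 0x%08x allows 0x%08x: %d\n", stale, req, policy_allows(stale, req));
    return 0;
}
```
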

The updated version of libusb uses USBFS_CONNECTINFO and
USBFS_CONNINFO_EX ioctls, as well as readlink and lseek syscalls,
so let's enable them.
BUG=b:133773289
TEST=Try attaching a USB device to Crostini VM.
Change-Id: Ibdcab2da9abe1c0bb35c989d9d62b44ce403e268
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1650534
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Dmitry Torokhov <dtor@chromium.org>

This enables the full firmware update/reset/use device in application
mode sequence for Edge TPU USB Accelerator.
There is a bit of a UI hiccup: once the firmware update and reset is
complete, the device re-enumerates with a different VID/PID, and the
"Connect to Linux" prompt shows up again. The user must re-affirm that
the device should be connected to Linux to proceed with using the Edge
TPU. This may be unavoidable - I'm not sure if we can tell the
difference between a newly-inserted device and a reset one.
Allowing USBDEVFS_DISCONNECT_CLAIM should be safe, since it can only
operate on file descriptors passed into the xhci device jail.
BUG=chromium:831850
TEST=Run Edge TPU Accelerator demo and verify that it can update FW
Change-Id: I3d61c7bd914830ce25448b1ae4d60e1c16f10aed
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1599881
Reviewed-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>

1. Removed for device slot reset and evaluate context. The verification was
unnecessary and may cause some guest kernel operations to fail.
2. The context was updated after dequeue pointer set
3. Reset device when it's attached.
4. Add seccomp rules to allow the above reset.
The verification was copied from another implementation which works for
adb, but does not work with serial devices. The verification is also not
part of the spec, so we removed it here.
BUG=b:131336977
TEST=local build and test
Change-Id: Ifd7994ff5512346d1bab27654e60c97a602da8a6
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Signed-off-by: Zach Reizner <zachr@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1558934
Tested-by: kokoro <noreply+kokoro@google.com>