mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2025-02-06 02:25:23 +00:00
On trogdor devices, fstatfs64 is not used. Instead, 32bit fstatfs is used. We need to add both to all 32bit Arm policy files which were originally determined to be problematic. This adds fstatfs to all 32bit Arm policy files which were modified for the original glibc security change. Additionally, this commit sorts the syscalls lexicographically if the policy file was already sorted. BUG=chromium:1182687 TEST=CQ of http://crrev.com/c/2910526 Change-Id: I42eb12456625d400ee3422af08d56d648e3f9075 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3066144 Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Commit-Queue: Jordan R Abrahams <ajordanr@google.com>
# Copyright 2020 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
@include /usr/share/policy/crosvm/common_device.policy
# Syscalls specific to video devices.
clock_getres: 1
clock_getres_time64: 1
connect: 1
fstatfs64: 1
fstatfs: 1
getegid32: 1
geteuid32: 1
getgid32: 1
getrandom: 1
getresgid32: 1
getresuid32: 1
getsockname: 1
getuid32: 1
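# ioctl: intended to allow DRM_IOCTL_* requests (ioctl type 'd' = 0x64, which
# sits in bits 8-15 of the request number, hence 0x6400).
# NOTE(review): the rule below is a bit-mask test, not an equality test on the
# ioctl type, so request numbers outside the DRM range that share bits with
# 0x6400 can also pass; confirm the exact semantics of minijail's `&` operator
# before relying on this rule to confine the process to DRM ioctls.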
ioctl: arg1 & 0x6400
memfd_create: 1
openat: 1
sched_yield: 1
send: 1
setpriority: 1
socket: arg0 == AF_UNIX
stat64: 1
prctl: arg0 == PR_SET_NAME