mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2024-10-25 13:36:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
crosvm/seccomp/x86_64/xhci.policy
Matt Delco 4389dab579 seccomp: remove redundant unconditional rules 
Minijail's policy compiler complains when there's multiple
unconditional rules for a syscall.  In most cases the rules
are redundant to common_device.policy.  I don't know what
to do about the intentionally contradictory rules for open
and openat, other than to remove then from the common device
policy and add it to all the others.

BUG=None
TEST=Ran compile_seccomp_policy.py until it stopped
complaining.

Change-Id: I6813dd1e0b39e975415662bd7de74c25a1be9eb3
Signed-off-by: Matt Delco <delco@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1918607
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
2020-01-22 17:36:36 +00:00

42 lines
1.2 KiB
Text
Raw Blame History

# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
@include /usr/share/policy/crosvm/common_device.policy
lstat: 1
readlink: 1
readlinkat: 1
timerfd_create: 1
name_to_handle_at: 1
access: 1
getsockname: 1
pipe: 1
setsockopt: 1
bind: 1
fcntl: 1
open: return ENOENT
openat: 1
socket: arg0 == AF_NETLINK
stat: 1
uname: 1
# The following ioctls are:
# 0x4008550d == USBDEVFS_REAPURBNDELAY
# 0x41045508 == USBDEVFS_GETDRIVER
# 0x550b == USBDEVFS_DISCARDURB
# 0x8004550f == USBDEVFS_CLAIMINTERFACE
# 0x80045510 == USBDEVFS_RELEASEINTERFACE
# 0x8004551a == USBDEVFS_GET_CAPABILITIES
# 0x8038550a == USBDEVFS_SUBMITURB
# 0xc0185500 == USBDEVFS_CONTROL
# 0x5514 == USBDEVFS_RESET
# 0x80045505 == USBDEVFS_SETCONFIGURATION
# 0x8108551b == USBDEVFS_DISCONNECT_CLAIM
# 0x40085511 == USBDEVFS_CONNECTINFO
# 0x80185520 == USBDEVFS_CONNINFO_EX
ioctl: arg1 == 0xc0185500 || arg1 == 0x41045508 || arg1 == 0x8004550f || arg1 == 0x4008550d || arg1 == 0x8004551a || arg1 == 0x550b || arg1 == 0x80045510 || arg1 == 0x8038550a || arg1 == 0x5514 || arg1 == 0x80045505 || arg1 == 0x8108551b || arg1 == 0x40085511 || arg1 == 0x80185520
fstat: 1
getrandom: 1
getdents: 1
lseek: 1
Reference in a new issue View git blame Copy permalink