mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2025-02-10 20:19:07 +00:00
Initializing gralloc may spawn threads, so it needs to be done after sandboxing the wl device. Initializing gralloc requires expanding the wl device's sandbox. Rather than trying to maintain a new dedicated minijail configuration for wl, reuse the gpu's configuration. This should be sufficient, since virglrenderer has to open minigbm within the sandboxed gpu process.

BUG=None
TEST=ARCVM and crostini GUI on volteer, zorc-arc-r, grunt-arc-r

Change-Id: I291fb59c665a8ba65058a6f55dee959c839bb43c
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3787936
Commit-Queue: David Stevens <stevensd@chromium.org>
Reviewed-by: Ryan Neph <ryanneph@google.com>
Tested-by: David Stevens <stevensd@chromium.org>
11 lines
564 B
Text
# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

@include /usr/share/policy/crosvm/gpu_common.policy

clone: arg0 & CLONE_THREAD
# Used to connect to wayland. arg0 == AF_UNIX && arg1 == SOCK_STREAM|SOCK_CLOEXEC
socket: arg0 == 1 && arg1 == 0x80001 && arg2 == 0
# arg1 == FIONBIO || arg1 == DMA_BUF_IOCTL_SYNC || arg1 == SYNC_IOC_FILE_INFO || arg1 & DRM_IOCTL_BASE
ioctl: arg1 == 0x5421 || arg1 == 0x40086200 || arg1 == 0xc0383e04 || arg1 & 0x6400
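
For anyone reviewing the ioctl line above, the following added example (not part of the crosvm tree) decodes the policy's hex constants into their _IOC fields and evaluates the rule over a few constructed request numbers. It assumes the asm-generic _IOC bit layout and that the policy's `&` operator is a bit test that is true when any masked bit is set; the function names and sample set are hypothetical.

```python
# Added example: decode the Linux _IOC fields of the ioctl constants in the
# policy and evaluate its ioctl rule. Assumed layout (asm-generic, x86/ARM):
# nr = bits 0-7, type = bits 8-15, size = bits 16-29, dir = bits 30-31.
DIRS = {0: "none", 1: "write", 2: "read", 3: "read|write"}

def decode_ioc(req):
    """Split an ioctl request number into its _IOC fields."""
    return {
        "dir": DIRS[(req >> 30) & 0x3],
        "size": (req >> 16) & 0x3FFF,
        "type": chr((req >> 8) & 0xFF),
        "nr": req & 0xFF,
    }

# Constants copied from the policy's ioctl line and its comment.
EXACT = {0x5421: "FIONBIO", 0x40086200: "DMA_BUF_IOCTL_SYNC",
         0xC0383E04: "SYNC_IOC_FILE_INFO"}
MASK = 0x6400  # DRM_IOCTL_BASE ('d' == 0x64) shifted into the type field

def ioctl_allowed(arg1):
    """Evaluate the policy's ioctl rule.
    Assumption: '&' is true when any bit of MASK is set in arg1."""
    return arg1 in EXACT or (arg1 & MASK) != 0

def type_is_drm(arg1):
    """Stricter reading of the comment: the whole type byte equals 'd'."""
    return (arg1 >> 8) & 0xFF == ord("d")

# Constructed sample requests.
SAMPLES = {
    "DRM_IOCTL_VERSION": 0xC0406400,  # _IOWR('d', 0x00, 64 bytes) on 64-bit
    "FIONBIO": 0x5421,
    "FIONREAD": 0x541B,  # type 'T' (0x54) shares bits 0x4400 with the mask
    "constructed type 0x00": 0x00000003,
}

def audit():
    """Map each sample to (allowed by the rule, type byte is 'd')."""
    return {n: (ioctl_allowed(r), type_is_drm(r)) for n, r in SAMPLES.items()}

if __name__ == "__main__":
    for req, name in EXACT.items():
        print(name, hex(req), decode_ioc(req))
    for name, verdict in audit().items():
        print(name, "allowed=%s drm_type=%s" % verdict)
```

Under the stated assumption the mask term is a bit test rather than an equality check on the type byte, so the two columns printed by `audit()` can differ for the same request.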