mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2025-02-10 12:09:31 +00:00
1dab58a2cf
This search/replace updates all copyright notices to drop the "All rights reserved", Use "ChromiumOS" instead of "Chromium OS" and drops the trailing dots. This fulfills the request from legal and unifies our notices. ./tools/health-check has been updated to only accept this style. BUG=b:246579983 TEST=./tools/health-check Change-Id: I87a80701dc651f1baf4820e5cc42469d7c5f5bf7 Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3894243 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Commit-Queue: Dennis Kempin <denniskempin@google.com>
111 lines
2.2 KiB
Text
111 lines
2.2 KiB
Text
# Copyright 2021 The ChromiumOS Authors
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
# Rules from common_device.policy with some rules removed because they block certain flags needed
|
|
# for gpu.
|
|
brk: 1
|
|
close: 1
|
|
dup2: 1
|
|
dup: 1
|
|
epoll_create1: 1
|
|
epoll_ctl: 1
|
|
epoll_wait: 1
|
|
eventfd2: 1
|
|
exit: 1
|
|
exit_group: 1
|
|
futex: 1
|
|
futex_time64: 1
|
|
getcwd: 1
|
|
getpid: 1
|
|
gettid: 1
|
|
gettimeofday: 1
|
|
io_uring_setup: 1
|
|
io_uring_enter: 1
|
|
kill: 1
|
|
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE || arg2 == MADV_MERGEABLE
|
|
mremap: 1
|
|
munmap: 1
|
|
nanosleep: 1
|
|
clock_nanosleep: 1
|
|
clock_nanosleep_time64: 1
|
|
pipe2: 1
|
|
poll: 1
|
|
ppoll: 1
|
|
ppoll_time64: 1
|
|
read: 1
|
|
readlink: 1
|
|
readlinkat: 1
|
|
readv: 1
|
|
recv: 1
|
|
recvfrom: 1
|
|
recvmsg: 1
|
|
recvmmsg_time64: 1
|
|
restart_syscall: 1
|
|
rseq: 1
|
|
rt_sigaction: 1
|
|
rt_sigprocmask: 1
|
|
rt_sigreturn: 1
|
|
sched_getaffinity: 1
|
|
sched_yield: 1
|
|
sendmsg: 1
|
|
sendto: 1
|
|
set_robust_list: 1
|
|
sigaltstack: 1
|
|
write: 1
|
|
writev: 1
|
|
uname: 1
|
|
|
|
# Required for perfetto tracing
|
|
getsockopt: 1
|
|
shutdown: 1
|
|
|
|
## Rules specific to gpu
|
|
connect: 1
|
|
getrandom: 1
|
|
_llseek: 1
|
|
ftruncate64: 1
|
|
stat64: 1
|
|
statx: 1
|
|
fstat64: 1
|
|
fstatat64: 1
|
|
getdents: 1
|
|
getdents64: 1
|
|
sysinfo: 1
|
|
fstatfs: 1
|
|
fstatfs64: 1
|
|
prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME
|
|
|
|
# 0x6400 == DRM_IOCTL_BASE, 0x8000 = KBASE_IOCTL_TYPE (mali), 0x40086200 = DMA_BUF_IOCTL_SYNC, 0x40087543 == UDMABUF_CREATE_LIST
|
|
ioctl: arg1 & 0x6400 || arg1 & 0x8000 || arg1 == 0x40086200 || arg1 == 0x40087543
|
|
|
|
# Used for sharing memory with wayland. arg1 == MFD_CLOEXEC|MFD_ALLOW_SEALING
|
|
memfd_create: arg1 == 3
|
|
|
|
## mmap/mprotect differ from the common_device.policy
|
|
mmap2: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ
|
|
mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ
|
|
open: return ENOENT
|
|
openat: 1
|
|
|
|
## Rules specific to pvr
|
|
geteuid32: 1
|
|
getuid32: 1
|
|
lstat64: 1
|
|
fcntl64: 1
|
|
tgkill: 1
|
|
clock_gettime: 1
|
|
clock_gettime64: 1
|
|
|
|
# Rules specific to Mesa.
|
|
sched_setscheduler: 1
|
|
sched_setaffinity: 1
|
|
kcmp: 1
|
|
|
|
# Rules for Mesa's u_trace thread
|
|
setpriority: 1
|
|
|
|
# Rules for Vulkan loader / layers
|
|
access: 1
|
|
getgid32: 1
|
|
getegid32: 1
|