# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Seccomp syscall allowlist, one rule per line in the form "syscall: expression".
# The syntax looks like minijail's policy format (TODO confirm against the loader):
#   "1"            allows the syscall with any arguments;
#   "argN == X"    allows it only when argument N equals X;
#   "argN & X"     allows it only when a bit of X is set in argument N;
#   "argN in ~X"   allows it only when argument N has no bit of X set;
#   "return E"     makes the syscall fail with errno E without running it.
# Syscalls not listed here are denied; what happens on a denied call (kill,
# trap, log) is decided by the jail configuration, which is not in this file.

# common policy
brk: 1
# Thread creation only: the CLONE_THREAD bit must be set in the flags argument.
# The other flag bits are not constrained by this rule.
clone: arg0 & CLONE_THREAD
close: 1
dup2: 1
dup: 1
epoll_create1: 1
epoll_ctl: 1
epoll_wait: 1
eventfd2: 1
exit: 1
exit_group: 1
futex: 1
getpid: 1
gettimeofday: 1
# NOTE(review): neither the target pid nor the signal number is filtered, so
# the reach of kill() is bounded only by the process's uid and pid namespace.
# Confirm it is still needed, or narrow it with an argument filter.
kill: 1
# Only these three advice values are accepted.
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
# The protection argument must not include PROT_EXEC: the process can neither
# create an executable mapping nor make an existing one executable, which
# limits what injected data can be turned into running code.
mmap: arg2 in ~PROT_EXEC
mprotect: arg2 in ~PROT_EXEC
mremap: 1
munmap: 1
nanosleep: 1
# Disabled common rules. Presumably commented out because the tpm-specific
# section below allows open/openat outright and a syscall should be listed
# only once -- TODO confirm.
#open: return ENOENT
#openat: return ENOENT
pipe2: 1
poll: 1
ppoll: 1
# prctl is limited to PR_SET_NAME; every other prctl option is denied.
prctl: arg0 == PR_SET_NAME
read: 1
recvfrom: 1
recvmsg: 1
restart_syscall: 1
rt_sigaction: 1
rt_sigprocmask: 1
rt_sigreturn: 1
sched_getaffinity: 1
sendmsg: 1
set_robust_list: 1
sigaltstack: 1
write: 1

# tpm-specific policy
# Filesystem access on top of the common set. Seccomp filters see only the
# syscall's register arguments and cannot inspect the path string, so these
# rules do not limit WHICH files or directories are touched.
# NOTE(review): confinement of paths has to come from the rest of the sandbox
# (mount namespace / pivot_root, unprivileged uid) -- confirm that it does.
chdir: 1
fstat: 1
fsync: 1
ftruncate: 1
getuid: 1
lseek: 1
mkdir: 1
# Unconditional: the open flags (write, create, truncate) are not filtered.
open: 1
openat: 1
stat: 1
