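# Copyright 2021 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Seccomp allow-list for the gpu device process, in minijail policy syntax.
# "name: 1" allows the syscall unconditionally; "name: <expr>" allows it only
# when the argument expression holds. Syscalls not listed here are not allowed.

# Rules from common_device.policy with some rules removed because they block certain flags needed
# for gpu.
brk: 1
clock_gettime: 1
close: 1
dup3: 1
dup: 1
epoll_create1: 1
epoll_ctl: 1
epoll_pwait: 1
eventfd2: 1
exit: 1
exit_group: 1
futex: 1
getcwd: 1
getpid: 1
gettimeofday: 1
kill: 1
# Only these three advice values are accepted.
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
ppoll: 1
# prctl is limited to reading and setting the thread name.
prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME
read: 1
readlinkat: 1
readv: 1
recvfrom: 1
recvmsg: 1
restart_syscall: 1
rt_sigaction: 1
rt_sigprocmask: 1
rt_sigreturn: 1
sched_getaffinity: 1
sendmsg: 1
sendto: 1
set_robust_list: 1
sigaltstack: 1
write: 1
writev: 1
uname: 1

# Required for perfetto tracing
getsockopt: 1
shutdown: 1

## Rules specific to gpu
# connect (and openat further down) are unconditional: a seccomp filter sees
# only argument values, not the sockaddr or path they point to. Which sockets
# and files are reachable therefore has to be limited by the jail's namespaces
# and mounts, not by this file.
connect: 1
getrandom: 1
lseek: 1
ftruncate: 1
statx: 1
fstat: 1
newfstatat: 1
getdents64: 1
sysinfo: 1
fstatfs: 1

# 0x6400 == DRM_IOCTL_BASE, 0x8000 == KBASE_IOCTL_TYPE (mali), 0x40086200 == DMA_BUF_IOCTL_SYNC, 0x40087543 == UDMABUF_CREATE_LIST
# NOTE(review): minijail's `&` is a bit-set test (true when arg1 shares any set
# bit with the mask), not a comparison of the ioctl type field. `arg1 & 0x6400`
# therefore admits every request number with bit 10, 13 or 14 set, and
# `arg1 & 0x8000` every one with bit 15 set, which is wider than the DRM and
# kbase requests the comment above names. The device nodes reachable inside the
# jail are the effective limit on which drivers see these requests. Confirm the
# request set the gpu stack needs before tightening this rule.
ioctl: arg1 & 0x6400 || arg1 & 0x8000 || arg1 == 0x40086200 || arg1 == 0x40087543

## mmap/mprotect differ from the common_device.policy
# Protections are matched by exact equality. No rule admits a mapping that is
# writable and executable at once, and mprotect admits no PROT_EXEC value, so
# an executable mapping can only be created by mmap as PROT_READ|PROT_EXEC.
mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ
mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ
openat: 1

## Rules specific to pvr
geteuid: 1
getuid: 1
gettid: 1
fcntl: 1
tgkill: 1

# Rules specific to Mesa.
sched_setscheduler: 1
sched_setaffinity: 1
kcmp: 1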