1# Copyright 2021 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5# Rules from common_device.policy with some rules removed because they block certain flags needed
6# for gpu.
7brk: 1
8close: 1
9dup2: 1
10dup: 1
11epoll_create1: 1
12epoll_ctl: 1
13epoll_wait: 1
14eventfd2: 1
15exit: 1
16exit_group: 1
17futex: 1
18futex_time64: 1
19getcwd: 1
20getpid: 1
21gettimeofday: 1
22kill: 1
23madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
24mremap: 1
25munmap: 1
26nanosleep: 1
27clock_nanosleep: 1
28clock_nanosleep_time64: 1
29pipe2: 1
30poll: 1
31ppoll: 1
32ppoll_time64: 1
33prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME
34read: 1
35readlink: 1
36readlinkat: 1
37readv: 1
38recv: 1
39recvfrom: 1
40recvmsg: 1
41recvmmsg_time64: 1
42restart_syscall: 1
43rt_sigaction: 1
44rt_sigprocmask: 1
45rt_sigreturn: 1
46sched_getaffinity: 1
47sched_yield: 1
48sendmsg: 1
49sendto: 1
50set_robust_list: 1
51sigaltstack: 1
52write: 1
53writev: 1
54uname: 1
55
56# Required for perfetto tracing
57getsockopt: 1
58shutdown: 1
59
60## Rules specific to gpu
61connect: 1
62getrandom: 1
63_llseek: 1
64ftruncate64: 1
65stat64: 1
66statx: 1
67fstat64: 1
68fstatat64: 1
69getdents: 1
70getdents64: 1
71sysinfo: 1
72fstatfs: 1
73fstatfs64: 1
74
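75# 0x6400 == DRM_IOCTL_BASE, 0x8000 == KBASE_IOCTL_TYPE (mali), 0x40086200 == DMA_BUF_IOCTL_SYNC, 0x40087543 == UDMABUF_CREATE_LIST. NOTE: the first two terms below are bit-mask tests on the whole request number, not equality checks on the ioctl type field, so they also match request numbers outside the DRM and mali families (0x8000 is a single bit). Narrowing them would mean listing the required request numbers as arg1 == terms.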
76ioctl: arg1 & 0x6400 || arg1 & 0x8000 || arg1 == 0x40086200 || arg1 == 0x40087543
77
78# Used for sharing memory with wayland. The only flags value allowed is arg1 == MFD_CLOEXEC|MFD_ALLOW_SEALING (the literal 3 below).
79memfd_create: arg1 == 3
80
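81## mmap/mprotect differ from the common_device.policy. As written here, mmap2 may create PROT_READ|PROT_EXEC mappings, mprotect cannot add PROT_EXEC, and no rule permits a protection that is both writable and executable. open always fails with ENOENT and openat is unfiltered, so path confinement has to come from the rest of the sandbox, not from this filter.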
82mmap2: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ
83mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ
84open: return ENOENT
85openat: 1
86
87## Rules specific to pvr
88geteuid32: 1
89getuid32: 1
90lstat64: 1
91gettid: 1
92fcntl64: 1
93tgkill: 1
94clock_gettime: 1
95clock_gettime64: 1
96
97# Rules specific to Mesa.
98sched_setscheduler: 1
99sched_setaffinity: 1
100kcmp: 1
101
102# Rules for Vulkan loader / layers
103access: 1
104getgid32: 1
105getegid32: 1
106