# Copyright 2020 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Seccomp allowlist for the video device, in minijail policy syntax.
# "name: 1" allows the syscall with any arguments; any other right-hand side
# is an argument filter that must hold for the call to be allowed.
#
# Rules from common_device.policy with mmap and mprotect removed because the video device needs
# to allow more arguments for them.
brk: 1
clock_gettime: 1
# Thread creation only: the CLONE_THREAD flag must be set in arg0.
clone: arg0 & CLONE_THREAD
close: 1
dup2: 1
dup: 1
epoll_create1: 1
epoll_ctl: 1
epoll_wait: 1
eventfd2: 1
exit: 1
exit_group: 1
futex: 1
getcwd: 1
getpid: 1
gettid: 1
gettimeofday: 1
# NOTE(review): work submitted through an io_uring ring is carried out by the
# kernel without passing through this seccomp filter, so the rules in this
# file do not constrain what a ring can do. Confirm this device needs
# io_uring before keeping these two rules.
io_uring_setup: 1
io_uring_enter: 1
# NOTE(review): target pid and signal are unfiltered here; presumably a PID
# namespace limits which processes are reachable (confirm in the jail setup).
kill: 1
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
poll: 1
ppoll: 1
read: 1
readlink: 1
readlinkat: 1
readv: 1
recvfrom: 1
recvmsg: 1
restart_syscall: 1
rt_sigaction: 1
rt_sigprocmask: 1
rt_sigreturn: 1
sched_getaffinity: 1
sched_yield: 1
sendmsg: 1
sendto: 1
set_robust_list: 1
sigaltstack: 1
write: 1
writev: 1
fcntl: 1
uname: 1

# Syscalls specific to video devices.
clock_getres: 1
connect: 1
getdents: 1
getdents64: 1
getegid: 1
geteuid: 1
getgid: 1
getresgid: 1
getresuid: 1
getsockname: 1
getuid: 1
# ioctl: arg1 == DRM_IOCTL_*
# NOTE(review): the rule below is a bit test, not the equality the line above
# describes. As far as I know minijail's `&` passes when (arg1 & mask) is
# non-zero, so any request number with one of the bits 0x0400, 0x2000 or
# 0x4000 set is allowed, not only requests whose type byte is 'd' (0x64).
# If only DRM requests are intended, list the needed request numbers with
# `==` instead; confirm the operator semantics for the minijail in use.
ioctl: arg1 & 0x6400
memfd_create: 1
newfstatat: 1
# Path and flags are unfiltered; which files are reachable is decided by the
# mount namespace and file permissions of the jail, not by this policy.
openat: 1
setpriority: 1
# Only AF_UNIX sockets can be created; connect above has no argument filter.
socket: arg0 == AF_UNIX
stat: 1
fstat: 1
fstatfs: 1
statx: 1

# Rules needed for minigbm on AMD devices.
getrandom: 1
lstat: 1
# mmap/mprotect differ from the common_device.policy
# The comparisons are exact matches on arg2, so no rule admits a mapping that
# is both writable and executable. mmap allows PROT_READ|PROT_EXEC; mprotect
# allows no PROT_EXEC value, so an existing mapping cannot be made executable.
mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ
mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ
sched_setaffinity: 1
# Only the SCHED_IDLE and SCHED_BATCH policies can be requested.
sched_setscheduler: arg1 == SCHED_IDLE || arg1 == SCHED_BATCH

# Required by mesa on AMD GPU
sysinfo: 1

# Only the PR_SET_NAME operation is allowed; every other prctl option is denied.
prctl: arg0 == PR_SET_NAME