1# Copyright 2020 The ChromiumOS Authors
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5# Rules from common_device.policy with mmap and mprotect removed because the video device needs
6# to allow more arguments for them.
# Format: one "syscall: filter" rule per line. A filter of 1 allows the syscall with any
# arguments; an expression restricts it by argument value (argN is the N-th syscall argument).
7brk: 1
8clock_gettime: 1
# Mask test on the flags argument: the rule requires CLONE_THREAD and does not constrain
# any of the other flag bits passed in arg0.
9clone: arg0 & CLONE_THREAD
# NOTE(review): clone3 takes its flags inside a struct passed by pointer, which a seccomp
# filter cannot inspect, so the CLONE_THREAD restriction on clone above is not mirrored here.
10clone3: 1
11close: 1
12dup2: 1
13dup: 1
14epoll_create1: 1
15epoll_ctl: 1
16epoll_pwait: 1
17epoll_wait: 1
18eventfd2: 1
19exit: 1
20exit_group: 1
21ftruncate: 1
22futex: 1
23getcwd: 1
24getpid: 1
25gettid: 1
26gettimeofday: 1
# NOTE(review): operations submitted through an io_uring ring are executed by the kernel
# without going through this syscall filter, so these three rules widen what the process can
# do beyond the list in this file. Confirm the device really needs io_uring before keeping them.
27io_uring_setup: 1
28io_uring_register: 1
29io_uring_enter: 1
# NOTE(review): no restriction on target pid or signal here; which processes can actually be
# signalled presumably depends on the PID namespace and credentials of the sandbox - confirm.
30kill: 1
31lseek: 1
# Only the listed advice values are accepted; any other madvise advice is not allowed.
32madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE || arg2 == MADV_MERGEABLE || arg2 == MADV_FREE
33membarrier: 1
34mremap: 1
35munmap: 1
36nanosleep: 1
37clock_nanosleep: 1
38pipe2: 1
39poll: 1
40ppoll: 1
41read: 1
42readlink: 1
43readlinkat: 1
44readv: 1
45recvfrom: 1
46recvmsg: 1
47restart_syscall: 1
48rseq: 1
49rt_sigaction: 1
50rt_sigprocmask: 1
51rt_sigreturn: 1
52sched_getaffinity: 1
53sched_yield: 1
54sendmsg: 1
55sendto: 1
56set_robust_list: 1
57sigaltstack: 1
58write: 1
59writev: 1
60fcntl: 1
61uname: 1
62
63# Syscalls specific to video devices.
64clock_getres: 1
# connect is unrestricted, but socket/socketpair below only allow creating AF_UNIX sockets.
# File descriptors inherited from the parent are not covered by that restriction.
65connect: 1
66getdents: 1
67getdents64: 1
68getegid: 1
69geteuid: 1
70getgid: 1
71getresgid: 1
72getresuid: 1
73getsockname: 1
74getuid: 1
75# ioctl: arg1 == DRM_IOCTL_*
# NOTE(review): this is a bit-mask test of the request number against 0x6400, not an equality
# check on the ioctl type byte. DRM requests use type 'd' (0x64), but other request numbers
# that have bits of 0x6400 set also match, so the rule is broader than the DRM_IOCTL_* intent
# stated above. Confirm minijail's `&` semantics and consider listing the DRM requests the
# device actually issues with `arg1 == ...` terms.
76ioctl: arg1 & 0x6400
77memfd_create: 1
78newfstatat: 1
# A seccomp filter cannot check the path argument; which files can be opened is presumably
# limited by the filesystem view (mount namespace / pivot_root) of the sandbox - confirm.
79openat: 1
80setpriority: 1
# Socket creation is limited to the AF_UNIX address family (arg0 is the domain).
81socket: arg0 == AF_UNIX
82socketpair: arg0 == AF_UNIX
83stat: 1
84fstat: 1
85fstatfs: 1
86statx: 1
87
88# Rules needed for minigbm on AMD devices.
89getrandom: 1
90lstat: 1
91# mmap/mprotect differ from the common_device.policy
# arg2 is the protection value and is compared for exact equality, so only the listed
# combinations are accepted. No listed combination has PROT_WRITE and PROT_EXEC together,
# and mprotect accepts no PROT_EXEC value at all.
# NOTE(review): mmap with PROT_READ|PROT_EXEC is still allowed, so the filter alone does not
# stop new executable mappings from being created; check whether the device needs it.
92mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ
93mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ
94sched_setaffinity: 1
# Only the SCHED_IDLE and SCHED_BATCH policies may be requested (arg1 is the policy).
95sched_setscheduler: arg1 == SCHED_IDLE || arg1 == SCHED_BATCH
96
97# Required by mesa on AMD GPU
# Both calls are allowed with any arguments.
# NOTE(review): kcmp takes the pids of the two processes being compared; this rule does not
# restrict them, so any limit on which processes can be queried comes from the kernel's own
# permission checks rather than from this filter - confirm that is acceptable here.
98kcmp: 1
99sysinfo: 1
100
# prctl is allowed only when the option (arg0) is PR_SET_NAME; no other prctl operation
# matches this rule.
101prctl: arg0 == PR_SET_NAME
102
103# ANDROID(b/271625758): disabled to fix duplicate syscall error.
104## Rules for vmm-swap
105#userfaultfd: 1
106# 0xc018aa3f == UFFDIO_API, 0xaa00 == USERFAULTFD_IOC_NEW
107#ioctl: arg1 == 0xc018aa3f || arg1 == 0xaa00
108
109# Required by VAAPI backend
# Allowed with any arguments; the path being checked cannot be filtered by seccomp.
110access: 1
111