1# Copyright 2022 The ChromiumOS Authors 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5# Policy file for a block device used as a vvu backend. 6 7# Copyright 2022 The ChromiumOS Authors 8# Use of this source code is governed by a BSD-style license that can be 9# found in the LICENSE file. 10 11# Policy file for the vhost-user transport over VVU. 12 13ioctl: arg1 == TCGETS || arg1 == TCSETS 14# b/239779171: Temporarily disabled as it is also in common_device.policy. 15# rseq: 1 16# b/239779171: Temporarily disabled as it conflicts with block's definition. 17# pread64: 1 18# pwrite64: 1 19 20# Copyright 2019 The ChromiumOS Authors 21# Use of this source code is governed by a BSD-style license that can be 22# found in the LICENSE file. 23 24brk: 1 25clock_gettime: 1 26clone: arg0 & CLONE_THREAD 27clone3: 1 28close: 1 29dup2: 1 30dup: 1 31epoll_create1: 1 32epoll_ctl: 1 33epoll_pwait: 1 34epoll_wait: 1 35eventfd2: 1 36exit: 1 37exit_group: 1 38ftruncate: 1 39futex: 1 40getcwd: 1 41getpid: 1 42gettid: 1 43gettimeofday: 1 44io_uring_setup: 1 45io_uring_register: 1 46io_uring_enter: 1 47kill: 1 48lseek: 1 49madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE || arg2 == MADV_MERGEABLE || arg2 == MADV_FREE 50membarrier: 1 51memfd_create: 1 52mmap: arg2 in ~PROT_EXEC 53mprotect: arg2 in ~PROT_EXEC 54mremap: 1 55munmap: 1 56nanosleep: 1 57clock_nanosleep: 1 58pipe2: 1 59poll: 1 60ppoll: 1 61read: 1 62readlink: 1 63readlinkat: 1 64readv: 1 65recvfrom: 1 66recvmsg: 1 67restart_syscall: 1 68rseq: 1 69rt_sigaction: 1 70rt_sigprocmask: 1 71rt_sigreturn: 1 72sched_getaffinity: 1 73sched_yield: 1 74sendmsg: 1 75sendto: 1 76set_robust_list: 1 77sigaltstack: 1 78# arg2 == SIGABRT -- ANDROID(b/270404912): modified to 1 - duplicate error. 79tgkill: 1 80write: 1 81writev: 1 82fcntl: 1 83uname: 1 84 85# ANDROID(b/271625758): disabled to fix duplicate syscall error. 86# ## Rules for vmm-swap 87# userfaultfd: 1 88# # 0xc018aa3f == UFFDIO_API, 0xaa00 == USERFAULTFD_IOC_NEW 89# ioctl: arg1 == 0xc018aa3f || arg1 == 0xaa00 90# Copyright 2022 The ChromiumOS Authors 91# Use of this source code is governed by a BSD-style license that can be 92# found in the LICENSE file. 93 94fallocate: 1 95fdatasync: 1 96fstat: 1 97fsync: 1 98open: return ENOENT 99openat: return ENOENT 100newfstatat: 1 101pread64: 1 102preadv: 1 103pwrite64: 1 104pwritev: 1 105statx: 1 106timerfd_create: 1 107timerfd_gettime: 1 108timerfd_settime: 1 109prctl: arg0 == PR_SET_NAME || arg0 == PR_SET_PDEATHSIG 110