545         jail: simple_jail(&cfg, "block_device")?,  in create_block_device()
556         jail: None,  in create_vhost_user_block_device()
571         jail: None,  in create_vhost_user_fs_device()
581         jail: simple_jail(&cfg, "rng_device")?,  in create_rng_device()
595         Some(jail) => {  in create_tpm_device()
598             jail.mount_with_data(  in create_tpm_device()
606             let crosvm_ids = add_crosvm_user_to_jail(jail, "tpm")?;  in create_tpm_device()
617             jail.mount_bind(&tpm_storage, &tpm_storage, true)?;  in create_tpm_device()
629         jail: tpm_jail,  in create_tpm_device()
652         jail: simple_jail(&cfg, "input_device")?,  in create_single_touch_device()
676         jail: simple_jail(&cfg, "input_device")?,  in create_multi_touch_device()
697         jail: simple_jail(&cfg, "input_device")?,  in create_trackpad_device()
712         jail: simple_jail(&cfg, "input_device")?,  in create_mouse_device()
727         jail: simple_jail(&cfg, "input_device")?,  in create_keyboard_device()
742         jail: simple_jail(&cfg, "input_device")?,  in create_switches_device()
758         jail: simple_jail(&cfg, "input_device")?,  in create_vinput_device()
768         jail: simple_jail(&cfg, "balloon_device")?,  in create_balloon_device()
792         jail: simple_jail(&cfg, "net_device")?,  in create_tap_net_device()
836         jail: simple_jail(&cfg, policy)?,  in create_net_device()
847         jail: None,  in create_vhost_user_net_device()
896     let jail = match simple_jail(&cfg, "gpu_device")? {  in create_gpu_device()  localVariable
897         Some(mut jail) => {  in create_gpu_device()
900             jail.mount_with_data(  in create_gpu_device()
910             jail.mount_bind(sys_dev_char_path, sys_dev_char_path, false)?;  in create_gpu_device()
912             jail.mount_bind(sys_devices_path, sys_devices_path, false)?;  in create_gpu_device()
916                 jail.mount_bind(drm_dri_path, drm_dri_path, false)?;  in create_gpu_device()
939                     jail.mount_bind(shadercache_path, shadercache_path, true)?;  in create_gpu_device()
946                 jail.mount_bind(mali0_path, mali0_path, true)?;  in create_gpu_device()
951                 jail.mount_bind(pvr_sync_path, pvr_sync_path, true)?;  in create_gpu_device()
957                 jail.mount_bind(udmabuf_path, udmabuf_path, true)?;  in create_gpu_device()
971                     jail.mount_bind(dir_path, dir_path, false)?;  in create_gpu_device()
981                 jail.mount_bind(path, jailed_wayland_path, true)?;  in create_gpu_device()
984             add_crosvm_user_to_jail(&mut jail, "gpu")?;  in create_gpu_device()
988             jail.mount(  in create_gpu_device()
999                 jail.mount_bind(perfetto_path, perfetto_path, true)?;  in create_gpu_device()
1002             Some(jail)  in create_gpu_device()
1009         jail,  in create_gpu_device()
1034     let jail = match simple_jail(&cfg, "wl_device")? {  in create_wayland_device()  localVariable
1035         Some(mut jail) => {  in create_wayland_device()
1038             jail.mount_with_data(  in create_wayland_device()
1051                 jail.mount_bind(dir, dir, true)?;  in create_wayland_device()
1053             add_crosvm_user_to_jail(&mut jail, "Wayland")?;  in create_wayland_device()
1055             Some(jail)  in create_wayland_device()
1062         jail,  in create_wayland_device()
1072     let jail = match simple_jail(&cfg, "video_device")? {  in create_video_device()  localVariable
1073         Some(mut jail) => {  in create_video_device()
1076                     add_crosvm_user_to_jail(&mut jail, "video-decoder")?  in create_video_device()
1079                     add_crosvm_user_to_jail(&mut jail, "video-encoder")?  in create_video_device()
1084             jail.mount_with_data(  in create_video_device()
1094             jail.mount_bind(dev_dri_path, dev_dri_path, false)?;  in create_video_device()
1100                 jail.mount_bind(sys_dev_char_path, sys_dev_char_path, false)?;  in create_video_device()
1102                 jail.mount_bind(sys_devices_path, sys_devices_path, false)?;  in create_video_device()
1106                 jail.mount_bind(lib_dir, lib_dir, false)?;  in create_video_device()
1111             jail.mount_bind(dev_urandom_path, dev_urandom_path, false)?;  in create_video_device()
1113             jail.mount_bind(system_bus_socket_path, system_bus_socket_path, true)?;  in create_video_device()
1115             Some(jail)  in create_video_device()
1126         jail,  in create_video_device()
1148         jail: simple_jail(&cfg, "vhost_vsock_device")?,  in create_vhost_vsock_device()
1171         let mut jail = create_base_minijail(src, Some(max_open_files), Some(&config))?;  in create_fs_device()  localVariable
1174         jail.set_remount_mode(libc::MS_SLAVE);  in create_fs_device()
1176         jail  in create_fs_device()
1189         jail: Some(j),  in create_fs_device()
1202     let (jail, root) = if cfg.sandbox {  in create_9p_device()
1212         let mut jail = create_base_minijail(src, Some(max_open_files), Some(&config))?;  in create_9p_device()  localVariable
1215         jail.set_remount_mode(libc::MS_SLAVE);  in create_9p_device()
1219         (Some(jail), root)  in create_9p_device()
1232         jail,  in create_9p_device()
1327         jail: simple_jail(&cfg, "pmem_device")?,  in create_pmem_device()
1338     let jail = match simple_jail(&cfg, "serial")? {  in create_console_device()  localVariable
1339         Some(mut jail) => {  in create_console_device()
1343             jail.mount_with_data(  in create_console_device()
1350             add_crosvm_user_to_jail(&mut jail, "serial")?;  in create_console_device()
1351             let res = param.add_bind_mounts(&mut jail);  in create_console_device()
1355             Some(jail)  in create_console_device()
1362         jail, // TODO(dverkamp): use a separate policy for console?  in create_console_device()
1533                     jail: simple_jail(&cfg, "input_device")?,  in create_virtio_devices()
1547                     jail: simple_jail(&cfg, "input_device")?,  in create_virtio_devices()
1661         pci_devices.push((dev, stub.jail));  in create_devices()
1667         let jail = simple_jail(&cfg, dev.minijail_policy())?;  in create_devices()  localVariable
1668         pci_devices.push((Box::new(dev), jail));  in create_devices()
1725 fn add_crosvm_user_to_jail(jail: &mut Minijail, feature: &str) -> Result<Ids> {  in add_crosvm_user_to_jail()
1744     jail.change_uid(crosvm_uid);  in add_crosvm_user_to_jail()
1745     jail.change_gid(crosvm_gid);  in add_crosvm_user_to_jail()
1746     jail.uidmap(&format!("{0} {0} 1", crosvm_uid))  in add_crosvm_user_to_jail()
1748     jail.gidmap(&format!("{0} {0} 1", crosvm_gid))  in add_crosvm_user_to_jail()
2444         let jail = match simple_jail(&cfg, "battery")? {  in run_vm()  localVariable
2446             Some(mut jail) => {  in run_vm()
2450                     add_crosvm_user_to_jail(&mut jail, "battery")?;  in run_vm()
2453                     jail.mount_with_data(  in run_vm()
2462                     jail.mount_bind(system_bus_socket_path, system_bus_socket_path, true)?;  in run_vm()
2464                 Some(jail)  in run_vm()
2468         (&cfg.battery_type, jail)  in run_vm()