# Copyright 2019 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Seccomp syscall allowlist, one rule per line as `syscall: filter`.
# A filter of `1` allows the call with any arguments; an expression allows
# it only when the argument test holds; `return ERRNO` makes the call fail
# with that errno.
# Syscalls not listed here fall to the filter's default action, which is set
# by whatever loads this policy and is not visible in this file.

# common policy
brk: 1
# Allowed only when CLONE_THREAD is set in the flags argument.
clone: arg0 & CLONE_THREAD
close: 1
dup3: 1
dup: 1
epoll_create1: 1
epoll_ctl: 1
epoll_pwait: 1
eventfd2: 1
exit: 1
exit_group: 1
futex: 1
getpid: 1
getrandom: 1
gettimeofday: 1
# NOTE(review): no argument filter, so seccomp does not constrain the target
# pid or the signal. Confirm the sandbox limits which processes are
# reachable (e.g. a PID namespace) -- not visible here.
kill: 1
# Only these three advice values are permitted.
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
# `in ~PROT_EXEC`: every bit set in arg2 (prot) must lie inside the mask, so
# any request that includes PROT_EXEC is rejected. Applied to both mmap and
# mprotect, so a mapping can neither be created executable nor be made
# executable later through these two calls.
mmap: arg2 in ~PROT_EXEC
mprotect: arg2 in ~PROT_EXEC
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
pipe2: 1
ppoll: 1
# Only PR_SET_NAME is allowed; every other prctl option is refused.
prctl: arg0 == PR_SET_NAME
read: 1
recvfrom: 1
recvmsg: 1
restart_syscall: 1
rt_sigaction: 1
rt_sigprocmask: 1
rt_sigreturn: 1
sched_getaffinity: 1
sendmsg: 1
set_robust_list: 1
sigaltstack: 1
write: 1

# tpm-specific policy
# NOTE(review): the filesystem calls below are allowed with any arguments.
# A seccomp filter sees only the pointer value of a path argument, never the
# string behind it, so which files this process can reach has to be bounded
# elsewhere (mount namespace, pivot_root, file permissions) -- confirm
# against the code that sets up the sandbox.
chdir: 1
fstat: 1
fsync: 1
ftruncate: 1
getuid: 1
lseek: 1
mkdirat: 1
openat: 1
# socket() is not allowed: the call fails with EACCES. recvfrom, recvmsg and
# sendmsg above stay usable on descriptors the process already holds.
socket: return EACCES
statx: 1