1# Copyright 2020 The Chromium OS Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5@include /usr/share/policy/crosvm/common_device.policy 6 7# Syscalls specific to video devices. 8clock_getres: 1 9connect: 1 10getdents: 1 11getdents64: 1 12getegid: 1 13geteuid: 1 14getgid: 1 15getresgid: 1 16getresuid: 1 17getsockname: 1 18getuid: 1 19# ioctl: arg1 == DRM_IOCTL_* 20ioctl: arg1 & 0x6400 21openat: 1 22sched_yield: 1 23setpriority: 1 24socket: arg0 == AF_UNIX 25stat: 1 26fstat: 1 27 28# Rules needed for minigbm on AMD devices. 29getrandom: 1 30lstat: 1 31# mmap/mprotect differ from the common_device.policy 32mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ 33mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ 34readlink: 1 35sched_setaffinity: 1 36sched_setscheduler: arg1 == SCHED_IDLE || arg1 == SCHED_BATCH 37uname: 1 38 39# Required by mesa on AMD GPU 40sysinfo: 1 41 42prctl: arg0 == PR_SET_NAME 43