1*bb4ee6a4SAndroid Build Coastguard Worker# Copyright 2019 The ChromiumOS Authors 2*bb4ee6a4SAndroid Build Coastguard Worker# Use of this source code is governed by a BSD-style license that can be 3*bb4ee6a4SAndroid Build Coastguard Worker# found in the LICENSE file. 4*bb4ee6a4SAndroid Build Coastguard Worker 5*bb4ee6a4SAndroid Build Coastguard Worker@include /usr/share/policy/crosvm/common_device.policy 6*bb4ee6a4SAndroid Build Coastguard Worker 7*bb4ee6a4SAndroid Build Coastguard Workercopy_file_range: 1 8*bb4ee6a4SAndroid Build Coastguard Workerfallocate: 1 9*bb4ee6a4SAndroid Build Coastguard Workerfchdir: 1 10*bb4ee6a4SAndroid Build Coastguard Workerfchmod: 1 11*bb4ee6a4SAndroid Build Coastguard Workerfchmodat: 1 12*bb4ee6a4SAndroid Build Coastguard Workerfchown32: 1 13*bb4ee6a4SAndroid Build Coastguard Workerfchownat: 1 14*bb4ee6a4SAndroid Build Coastguard Workerfdatasync: 1 15*bb4ee6a4SAndroid Build Coastguard Workerfgetxattr: 1 16*bb4ee6a4SAndroid Build Coastguard Workergetxattr: 1 17*bb4ee6a4SAndroid Build Coastguard Workerfsetxattr: 1 18*bb4ee6a4SAndroid Build Coastguard Workersetxattr: 1 19*bb4ee6a4SAndroid Build Coastguard Workerflistxattr: 1 20*bb4ee6a4SAndroid Build Coastguard Workerlistxattr: 1 21*bb4ee6a4SAndroid Build Coastguard Workerfremovexattr: 1 22*bb4ee6a4SAndroid Build Coastguard Workerremovexattr: 1 23*bb4ee6a4SAndroid Build Coastguard Workerfstatat64: 1 24*bb4ee6a4SAndroid Build Coastguard Workerfstatfs: 1 25*bb4ee6a4SAndroid Build Coastguard Workerfstatfs64: 1 26*bb4ee6a4SAndroid Build Coastguard Workerfsync: 1 27*bb4ee6a4SAndroid Build Coastguard Workergetdents64: 1 28*bb4ee6a4SAndroid Build Coastguard Workergetegid32: 1 29*bb4ee6a4SAndroid Build Coastguard Workergeteuid32: 1 30*bb4ee6a4SAndroid Build Coastguard Workergetrandom: 1 31*bb4ee6a4SAndroid Build Coastguard Workergetresuid32: 1 32*bb4ee6a4SAndroid Build Coastguard Worker# Use constants for verity ioctls since minijail doesn't understand them yet. 33*bb4ee6a4SAndroid Build Coastguard Worker# 0x40806685 = FS_IOC_ENABLE_VERITY 34*bb4ee6a4SAndroid Build Coastguard Worker# 0xc0046686 = FS_IOC_MEASURE_VERITY 35*bb4ee6a4SAndroid Build Coastguard Workerioctl: arg1 == FS_IOC_FSGETXATTR || \ 36*bb4ee6a4SAndroid Build Coastguard Worker arg1 == FS_IOC_FSSETXATTR || \ 37*bb4ee6a4SAndroid Build Coastguard Worker arg1 == FS_IOC_GETFLAGS || \ 38*bb4ee6a4SAndroid Build Coastguard Worker arg1 == FS_IOC_SETFLAGS || \ 39*bb4ee6a4SAndroid Build Coastguard Worker arg1 == FS_IOC_GET_ENCRYPTION_POLICY_EX || \ 40*bb4ee6a4SAndroid Build Coastguard Worker arg1 == 0x40806685 || \ 41*bb4ee6a4SAndroid Build Coastguard Worker arg1 == 0xc0046686 42*bb4ee6a4SAndroid Build Coastguard Workerlinkat: 1 43*bb4ee6a4SAndroid Build Coastguard Workermkdir: 1 44*bb4ee6a4SAndroid Build Coastguard Workermkdirat: 1 45*bb4ee6a4SAndroid Build Coastguard Workermknodat: 1 46*bb4ee6a4SAndroid Build Coastguard Workeropen: return ENOENT 47*bb4ee6a4SAndroid Build Coastguard Workeropenat: 1 48*bb4ee6a4SAndroid Build Coastguard Workerpreadv: 1 49*bb4ee6a4SAndroid Build Coastguard Workerpwritev: 1 50*bb4ee6a4SAndroid Build Coastguard Workerrenameat2: 1 51*bb4ee6a4SAndroid Build Coastguard Workersetresgid32: 1 52*bb4ee6a4SAndroid Build Coastguard Workersetresuid32: 1 53*bb4ee6a4SAndroid Build Coastguard Workerstatx: 1 54*bb4ee6a4SAndroid Build Coastguard Workersymlinkat: 1 55*bb4ee6a4SAndroid Build Coastguard Workerumask: 1 56*bb4ee6a4SAndroid Build Coastguard Workerunlinkat: 1 57*bb4ee6a4SAndroid Build Coastguard Workerutimensat: 1 58*bb4ee6a4SAndroid Build Coastguard Workerutimensat_time64: 1 59*bb4ee6a4SAndroid Build Coastguard Workerprctl: arg0 == PR_SET_NAME || arg0 == PR_SET_SECUREBITS || arg0 == PR_GET_SECUREBITS 60*bb4ee6a4SAndroid Build Coastguard Workercapget: 1 61*bb4ee6a4SAndroid Build Coastguard Workercapset: 1 62*bb4ee6a4SAndroid Build Coastguard Workerunshare: 1 63