# Copyright 2021 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Rules from common_device.policy with some rules removed because they block certain flags needed
# for gpu.
brk: 1
clone3: 1
close: 1
dup2: 1
dup: 1
epoll_create1: 1
epoll_ctl: 1
epoll_pwait: 1
epoll_wait: 1
eventfd2: 1
exit: 1
exit_group: 1
ftruncate: 1
ftruncate64: 1
futex: 1
futex_time64: 1
getcwd: 1
getpid: 1
gettid: 1
gettimeofday: 1
io_uring_setup: 1
io_uring_register: 1
io_uring_enter: 1
kill: 1
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE || arg2 == MADV_MERGEABLE || arg2 == MADV_FREE
membarrier: 1
# memfd_create is used for sharing memory with wayland.
# For normal use case, we allow arg1 == MFD_CLOEXEC|MFD_ALLOW_SEALING, with or without MFD_NOEXEC_SEAL.
# However, we allow all the arguments here for backtrace when it panics.
memfd_create: 1
mremap: 1
munmap: 1
nanosleep: 1
clock_nanosleep: 1
clock_nanosleep_time64: 1
pipe2: 1
poll: 1
ppoll: 1
ppoll_time64: 1
read: 1
readlink: 1
readlinkat: 1
readv: 1
recv: 1
recvfrom: 1
recvmsg: 1
recvmmsg_time64: 1
restart_syscall: 1
rseq: 1
rt_sigaction: 1
rt_sigprocmask: 1
rt_sigreturn: 1
sched_getaffinity: 1
sched_yield: 1
sendmsg: 1
sendto: 1
set_robust_list: 1
sigaltstack: 1
write: 1
writev: 1
uname: 1

# Required for perfetto tracing
getsockopt: 1
shutdown: 1

## Rules specific to gpu
connect: 1
getrandom: 1
_llseek: 1
stat64: 1
statx: 1
fstat64: 1
fstatat64: 1
getdents: 1
getdents64: 1
sysinfo: 1
fstatfs: 1
fstatfs64: 1
prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME

# 0x6400 == DRM_IOCTL_BASE, 0x8000 = KBASE_IOCTL_TYPE (mali), 0x40086200 = DMA_BUF_IOCTL_SYNC, 0x40087543 == UDMABUF_CREATE_LIST
ioctl: arg1 & 0x6400 || arg1 & 0x8000 || arg1 == 0x40086200 || arg1 == 0x40087543

## mmap/mprotect differ from the common_device.policy
mmap2: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ
mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ
open: return ENOENT
openat: 1

## Rules specific to pvr
geteuid32: 1
getuid32: 1
lstat64: 1
fcntl64: 1
tgkill: 1
clock_gettime: 1
clock_gettime64: 1

# Rules specific to Mesa.
sched_setscheduler: 1
sched_setaffinity: 1
kcmp: 1

# Rules for Mesa's u_trace thread
setpriority: 1

# Rules for Vulkan loader / layers
access: 1
getgid32: 1
getegid32: 1

## Rules for vmm-swap
userfaultfd: 1
# 0xc018aa3f == UFFDIO_API, 0xaa00 == USERFAULTFD_IOC_NEW
ioctl: arg1 == 0xc018aa3f || arg1 == 0xaa00

## Rules for mali shader dump (debug workflow)
mkdir: 1
mkdirat: 1