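# Copyright 2019 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Seccomp allow-list in minijail policy syntax: one "syscall: expression"
# rule per line. "1" allows the call with any arguments; an expression
# allows it only when the argument test holds. Syscalls not listed here are
# denied by the filter; the denial action (kill, trap, log) is chosen by
# whoever loads the policy and is not visible in this file.

# common policy
brk: 1
# Only clone() calls carrying CLONE_THREAD are allowed, i.e. new threads in
# the existing process rather than new processes.
clone: arg0 & CLONE_THREAD
close: 1
dup3: 1
dup: 1
epoll_create1: 1
epoll_ctl: 1
epoll_pwait: 1
eventfd2: 1
exit: 1
exit_group: 1
futex: 1
getpid: 1
gettimeofday: 1
# NOTE(review): kill is allowed with no argument filter, so the target pid
# and signal are unconstrained at this layer. Confirm that uid separation or
# a pid namespace limits which processes the sandboxed process can signal.
kill: 1
# madvise is limited to the three advice values listed.
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
# "in ~PROT_EXEC" requires the protection bits to be a subset of
# everything-except-PROT_EXEC, so no mapping can be created or changed to
# executable. This blocks injected code from being made runnable via
# mmap/mprotect.
mmap: arg2 in ~PROT_EXEC
mprotect: arg2 in ~PROT_EXEC
mremap: 1
munmap: 1
nanosleep: 1
pipe2: 1
ppoll: 1
# prctl is limited to PR_SET_NAME; every other prctl option is denied.
prctl: arg0 == PR_SET_NAME
read: 1
# recvfrom/recvmsg/sendmsg are allowed while socket() below is refused, so
# they can only operate on descriptors the process already holds
# (presumably sockets handed in by the parent; verify against the launcher).
recvfrom: 1
recvmsg: 1
restart_syscall: 1
rt_sigaction: 1
rt_sigprocmask: 1
rt_sigreturn: 1
sched_getaffinity: 1
sendmsg: 1
set_robust_list: 1
sigaltstack: 1
write: 1

# tpm-specific policy
chdir: 1
fstat: 1
fsync: 1
ftruncate: 1
getuid: 1
lseek: 1
# NOTE(review): mkdirat and openat are allowed with any arguments. A seccomp
# filter cannot inspect the path string, so which files are reachable is
# decided entirely by the mount namespace and file permissions the process
# runs with. Confirm that the sandbox exposes only the directory this device
# needs.
mkdirat: 1
openat: 1
# socket() fails with EACCES instead of triggering the filter's default
# denial action, so code that probes for a socket gets an error and carries
# on, but no new socket can be created.
socket: return EACCES
statx: 1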